[CentOS] Stupid C7 firewall question
Warren Young
warren at etr-usa.com
Thu Oct 25 07:41:50 UTC 2018
On Oct 24, 2018, at 8:06 PM, Joel Freeman <joel at joelazot.xyz> wrote:
>
> Is there any reason to use Firewalld over IPTables?

Lots: https://firewalld.org/

> I'm incredibly new to Linux administration

Given that, which would you rather type:

    $ sudo firewall-cmd --add-service=ftp

or whatever that does under the hood, which probably resembles the 7 commands given here:

    https://unix.stackexchange.com/a/93555/138

The commands given will only take effect while the system runs, so to make them permanent, you have to edit `/etc/sysconfig/iptables` with a somewhat different syntax. Contrast FirewallD, where you just re-issue the command above with a single additional flag:

    $ sudo firewall-cmd --add-service=ftp --permanent

FTP is an uncommonly difficult case, but direct iptables manipulation remains more difficult even in the single-port case.

FirewallD doesn’t require that you use predefined services, either. It works just fine with raw port numbers:

    $ sudo firewall-cmd --add-port=50000/tcp

Contrast the equivalent iptables command:

    $ sudo iptables -A INPUT -p tcp --dport 50000 -j ACCEPT

…and that only works if inserting into the INPUT chain is what you actually want to do, which it might not be on a system managed by FirewallD, which probably set up some more complicated chain scheme you’d have to understand in order to get the expected behavior. Why not let FirewallD handle all of that for you?

I don’t miss direct iptables manipulation.
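As an added example (editor's code, not part of Warren's message or of the firewalld project), here is the runtime-plus-permanent pattern he describes, wrapped in a small POSIX sh helper. The practical caveat it encodes: `firewall-cmd --add-port=... --permanent` on its own only edits the saved configuration and takes effect on the next `--reload` or reboot, while the form without `--permanent` is lost at reboot, so to open a port "now and forever" you run both. The helper also validates the port spec (a port or port range, 1-65535, tcp or udp) before touching the firewall. The `FIREWALL_CMD` override and the `fw_open_port` / `fw_valid_port` names are assumptions for this example; the zone defaults to `public`, which is only correct if that is the zone your interface is in.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes firewalld's firewall-cmd
# is on PATH on the target host. FIREWALL_CMD may be overridden (e.g. to
# "echo") to dry-run on a machine without firewalld.
: "${FIREWALL_CMD:=firewall-cmd}"

# Validate a port spec of the form N/tcp, N/udp or A-B/tcp, A-B/udp.
# Prints nothing; returns 0 when valid, 1 otherwise.
fw_valid_port() {
    spec=$1
    proto=${spec##*/}
    ports=${spec%/*}
    [ "$ports" != "$spec" ] || return 1          # must contain "/proto"
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    lo=${ports%-*}
    hi=${ports#*-}
    for p in "$lo" "$hi"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac  # digits only
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ]
}

# Open a port in BOTH the runtime and the permanent configuration of a zone
# (default: public). Returns 1 without touching the firewall when the spec
# is invalid; otherwise returns firewall-cmd's status.
fw_open_port() {
    zone=${2:-public}
    fw_valid_port "$1" || { echo "invalid port spec: $1" >&2; return 1; }
    "$FIREWALL_CMD" --zone="$zone" --add-port="$1" &&
    "$FIREWALL_CMD" --zone="$zone" --add-port="$1" --permanent
}

# Usage on a real CentOS 7 host (needs root):
#   fw_open_port 50000/tcp
#   fw_open_port 8000-8100/udp internal
```

To see what it would run without firewalld installed, invoke it as `FIREWALL_CMD=echo sh -c '. ./fw.sh; fw_open_port 50000/tcp'`; afterwards `firewall-cmd --list-ports` and `firewall-cmd --permanent --list-ports` should both show the port on a real host.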