On Oct 22, 2019, at 15:04, Chris Adams <linux at cmadams.net> wrote:
>
> firewalld is not really the same thing as iptables though; it's more of
> a management layer on top of just writing raw rules. One big issue I
> have though is that firewalld always sets up kernel connection state
> tracking, which is not a good thing for some uses (high-traffic DNS
> servers for example).

One major change is that the Firewalld in el8 doesn’t use “iptables” rules (netfilter) but instead “nft” rules (nftables).

--
Jonathan Billings