Once upon a time, Jonathan Billings <billings at negate.org> said:
> 'iptables' and 'nftables' are competing technologies. In CentOS 8,
> firewalld's backend was switched from iptables to nftables. So it
> would be expected that the iptables command wouldn't have any rules
> defined, it isn't being used by firewalld.

That is partially incorrect. While iptables and nftables are two
different in-kernel firewalls, the iptables CLI command is now a wrapper
that can translate to the nftables backend for compatibility. However,
it can only manage a subset of nftables information (basically what it
can create in the iptables back-compat mode). The nftables rules
created by firewalld don't fall into that category, so can't be viewed
by iptables.

Instead, use the nft command, like "nft list ruleset" to see a dump of
all current rules.

--
Chris Adams <linux at cmadams.net>
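
Added example, not part of the original post: a small filter for "nft list ruleset" output that marks which tables the iptables compatibility wrapper can display and which only nft will show. The sample ruleset is constructed, and the list of legacy table names (filter, nat, mangle, raw, security in the ip/ip6 families) is an assumption about what the wrapper manages.

```shell
#!/bin/sh
# Classify nftables tables by whether the iptables/ip6tables wrapper
# can display them, so rules hidden from "iptables -L" stand out in an audit.

# Constructed sample of `nft list ruleset` output (not from a real host).
sample_ruleset() {
cat <<'EOF'
table inet firewalld {
	chain filter_INPUT {
		type filter hook input priority 10; policy accept;
		ct state established,related accept
	}
}
table ip firewalld {
	chain nat_PREROUTING {
		type nat hook prerouting priority -90; policy accept;
	}
}
table ip filter {
	chain INPUT {
		type filter hook input priority 0; policy accept;
	}
}
EOF
}

# Reads `nft list ruleset` text on stdin; prints "<family> <table> <viewer>".
# Assumption: the wrapper only handles the legacy table names in ip/ip6.
classify_tables() {
    awk '$1 == "table" && $NF == "{" {
        fam = $2; name = $3
        viewer = "nft-only"
        if ((fam == "ip" || fam == "ip6") &&
            name ~ /^(filter|nat|mangle|raw|security)$/)
            viewer = (fam == "ip" ? "iptables" : "ip6tables")
        print fam, name, viewer
    }'
}

# Counts tables that only `nft list ruleset` will reveal.
count_hidden() {
    classify_tables | grep -c 'nft-only$'
}

# On a live host (as root): nft list ruleset | classify_tables
sample_ruleset | classify_tables
```
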