On 10/25/18 2:41 AM, Warren Young wrote:
> On Oct 24, 2018, at 8:06 PM, Joel Freeman <j...@joelazot.xyz> wrote:
>> Is there any reason to use Firewalld over IPTables?
> Lots: https://firewalld.org/
>> I'm incredibly new to Linux administration
> Given that, which would you rather type:
> $ sudo firewall-cmd --add-service=ftp
> or whatever that does under the hood, which probably resembles the 7 commands
> given here:
> https://unix.stackexchange.com/a/93555/138
> The commands given will only take effect while the system runs, so to make them
> permanent, you have to edit `/etc/sysconfig/iptables` with a somewhat different
> syntax.
> Contrast FirewallD, where you just re-issue the command above with a single
> additional flag:
> $ sudo firewall-cmd --add-service=ftp --permanent
> FTP is an uncommonly difficult case, but direct iptables manipulation remains
> more difficult even in the single-port case.
> FirewallD doesn’t require that you use predefined services, either. It works
> just fine with raw port numbers:
> $ sudo firewall-cmd --add-port=50000/tcp
> Contrast the equivalent iptables command:
> $ sudo iptables -A INPUT -p tcp --dport 50000 -j ACCEPT
> …and that only works if inserting into the INPUT chain is what you actually
> want to do, which it might not be on a system managed by FirewallD, which
> probably set up some more complicated chain scheme you’d have to understand in
> order to get the expected behavior.
> Why not let FirewallD handle all of that for you?
> I don’t miss direct iptables manipulation.
Thanks, Warren, for the nice quick start covering everything one needs to
configure firewalld. There is one thing I am related to "direct iptables
manipulation", which is: suppose I made a configuration on some machine,
which I am then going to replicate just by using kickstart when building
new machines. What should I add to the kickstart configuration file to make
my configured firewalld part reproduced on all newly built machines?
Thanks again!
Valeri
PS Your quick start reminds me how we were introducing UNIX (shell) to
new users: basically we were showing them a handful of commands (5-10)
with which a person can start, and knowing which a person can start doing
what one needs. Bottom line: it takes 5-10 minutes to start using UNIX,
no need to read a 1000-page book before starting. I have exactly the same
feeling after your introduction to firewalld (except that kickstart is
missing for me).
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
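One way to answer Valeri's kickstart question, as an added example that is not part of the thread and not code from the firewalld or CentOS projects: `firewall-cmd --permanent` records its changes in a zone file under `/etc/firewalld/zones/` (for the default zone, `public.xml`), so a reference machine's firewall can be reproduced from that file. The script below reads such a zone file and emits both kickstart forms: the `firewall --enabled --service=... --port=...` directive (which only covers services and plain ports) and a `%post` section that drops the zone file in verbatim (which also carries anything the directive cannot express, such as rich rules). The zone XML is a constructed sample matching what the two `--permanent` commands quoted above would produce; the zone name `public`, the file path and the choice of `%post` over a directive are my assumptions, not something the thread states.

```shell
#!/bin/sh
# Added example, not from the thread or the firewalld/CentOS projects.
# Derive kickstart configuration from a firewalld zone file.
# Assumption: the reference host's zone is "public" and the file below is a
# constructed stand-in for /etc/firewalld/zones/public.xml so this runs offline.
set -eu

SAMPLE_ZONE=$(mktemp)
trap 'rm -f "$SAMPLE_ZONE"' EXIT
# Constructed sample: what the default public zone looks like after
#   firewall-cmd --permanent --add-service=ftp
#   firewall-cmd --permanent --add-port=50000/tcp
cat > "$SAMPLE_ZONE" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="ftp"/>
  <port port="50000" protocol="tcp"/>
</zone>
EOF

# zone_services FILE -> comma-separated top-level <service name="..."/> names.
# Services nested inside <rule>...</rule> are rich rules and are skipped, since
# the kickstart "firewall" directive cannot express them.
zone_services() {
  awk '/<rule/ { r = 1 } /<\/rule>/ { r = 0 }
       /<service name=/ && !r {
         match($0, /name="[^"]*"/)
         n = substr($0, RSTART + 6, RLENGTH - 7)
         s = s (s == "" ? "" : ",") n
       }
       END { print s }' "$1"
}

# zone_ports FILE -> comma-separated "port:protocol" pairs in kickstart syntax.
# Matches only "<port ", so <source-port> and <forward-port> are not included.
zone_ports() {
  awk '/<rule/ { r = 1 } /<\/rule>/ { r = 0 }
       /<port / && !r {
         match($0, /port="[^"]*"/);     p = substr($0, RSTART + 6, RLENGTH - 7)
         match($0, /protocol="[^"]*"/); q = substr($0, RSTART + 10, RLENGTH - 11)
         s = s (s == "" ? "" : ",") p ":" q
       }
       END { print s }' "$1"
}

# kickstart_firewall_line FILE -> the kickstart "firewall" directive for FILE.
kickstart_firewall_line() {
  kfl_services=$(zone_services "$1")
  kfl_ports=$(zone_ports "$1")
  kfl_line="firewall --enabled"
  if [ -n "$kfl_services" ]; then kfl_line="$kfl_line --service=$kfl_services"; fi
  if [ -n "$kfl_ports" ]; then kfl_line="$kfl_line --port=$kfl_ports"; fi
  printf '%s\n' "$kfl_line"
}

# kickstart_post_section FILE [ZONE] -> a %post block that installs FILE as
# /etc/firewalld/zones/ZONE.xml. firewalld reads /etc/firewalld/zones/ at its
# first start on the new machine, so no "firewall-cmd --reload" is needed.
kickstart_post_section() {
  kps_zone=${2:-public}
  printf '%%post\n'
  printf "cat > /etc/firewalld/zones/%s.xml <<'ZONE_EOF'\n" "$kps_zone"
  cat "$1"
  printf 'ZONE_EOF\n'
  printf 'chmod 0644 /etc/firewalld/zones/%s.xml\n' "$kps_zone"
  printf '%%end\n'
}

# Print both forms for the sample zone.
kickstart_firewall_line "$SAMPLE_ZONE"
kickstart_post_section "$SAMPLE_ZONE"
```

Run it against a real zone file by replacing `$SAMPLE_ZONE` with `/etc/firewalld/zones/public.xml` copied from the reference host. The `firewall` directive is the readable option and is enough for the two commands from the thread; the `%post` copy is the safer one for reproducing a zone exactly, because it carries the whole file rather than the subset the directive understands.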