Need Firewalld Clue


I don’t really understand the intent behind firewalld. The RHEL7 Security Guide states “A graphical configuration tool, *firewall-config*, is used to configure firewalld, which in turn uses *iptables tool* to communicate with
*Netfilter* in the kernel which implements packet filtering”.

So is the goal for firewalld to implement a GUI for iptables? What is the
“value added” by firewalld?
Thanks….Nick Geo

2 thoughts on - Need Firewalld Clue

  • Well, the order from Kernel inside outward is:

    1. Netfilter (inside Kernel), not directly accessible by userland

    2. iptables/iptables6, the userland cli tools to manipulate the Netfilter
    entries, mighty and complex, error-prone for casual use.

    3. firewalld (RedHat/CentOS), or SuSEfirewall (Suse), or similar are the
    tools that simplify the task of creating the needed iptables rules, as
    not everyone wants to write them by hand.

    4. GUI tools, that allow manipulating the config of firewalld (or similar),
    for those that are unfamiliar with the command line, or want a quick and
    graphical way to do the job needed.

    Does that answer your question about *value added* by GUI tools?

    Not every user that needs to change firewall settings is a certified UNIX admin.

    – Yamaban.

  • Yamaban wrote:

    It might be mentioned that the previous firewall is still available. It can be obtained by “yum install system-config-firewall”.

    Actually I use shorewall – I’m not sure how this compares with firewalld. It is certainly much better documented.
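
The layering described in the first reply (a short declarative definition at layer 3 standing in for hand-written iptables rules at layer 2) can be sketched as follows. This is an added example, not code from the thread or from firewalld itself: the sample service XML is constructed, and the chain name `IN_<zone>_allow` and the rule shape are assumptions modelled on firewalld's iptables backend.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the firewalld service-file format (not copied from a system).
SERVICE_XML = """<service>
  <short>Example VNC</short>
  <description>Constructed sample service.</description>
  <port protocol="tcp" port="5900-5903"/>
  <port protocol="udp" port="5353"/>
</service>"""


def service_to_rules(xml_text, zone="public"):
    """Return one iptables-style rule string per <port> in a service definition.

    Illustrative translation only: firewalld builds its own chains and rules.
    """
    if not re.fullmatch(r"[A-Za-z0-9_]+", zone):
        raise ValueError(f"invalid zone name: {zone!r}")
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a service definition")

    rules = []
    for port in root.findall("port"):
        proto = port.get("protocol", "")
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {proto!r}")
        # The service file writes a range as "lo-hi"; iptables expects "lo:hi".
        nums = port.get("port", "").split("-")
        if len(nums) > 2 or not all(
            n.isdigit() and 1 <= int(n) <= 65535 for n in nums
        ):
            raise ValueError(f"invalid port spec: {port.get('port')!r}")
        if len(nums) == 2 and int(nums[0]) > int(nums[1]):
            raise ValueError(f"reversed port range: {port.get('port')!r}")
        rules.append(
            f"-A IN_{zone}_allow -p {proto} -m {proto} "
            f"--dport {':'.join(nums)} -m conntrack --ctstate NEW -j ACCEPT"
        )
    return rules


if __name__ == "__main__":
    for rule in service_to_rules(SERVICE_XML):
        print(rule)
```
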