On Tue, Oct 02, 2018 at 10:08:52PM -0400, Igor Kapushkin wrote:
Hello,
I am new to firewalld and I have some questions because I am curious
about it.
First, the documentation says that firewalld can have multiple backends. I
find it strange that the image on that documentation page lists such
different things such as iptables, ebtables and NetworkManager. I imagine
that the way firewalld interacts with iptables/ebtables/etc. is completely
different from the way it interacts with NetworkManager. I'm confused why
NetworkManager is called a "backend" in that case.

"backend" often just means "something not directly exposed to the user".
Firewalld communicates with NetworkManager to manage interface to zone
assignments (e.g. --add-interface).
When referring to a FirewallBackend there are two options: iptables and
nftables. In Firewalld, nftables support is very new. These are the low-level
firewall implementations offered by the OS (Linux). Firewalld
provides an abstraction over these.

Second, I have a computer running Centos 7. I can see that iptables is
installed, but the service (systemctl status iptables) is not part of the
OS. I also know that on Centos 7 firewalld interfaces with iptables. My
question is, why is firewalld interfacing with iptables if the iptables
service is not even installed? What's the point in doing that? I'm not an
expert in the area, so I would really thank you if you could give me a
hint or an explanation. I'm confused how iptables can still be relevant if
the service is not there for systemd. How is iptables changing anything in
that scenario?

They are two different packages that manage the underlying iptables
firewall in different ways. They should never be used simultaneously.
iptables-services is a package to maintain persistent iptables rules. At
startup it will apply rules in /etc/sysconfig/iptables. If you use it,
you must manually write iptables rules.
Firewalld abstracts firewall concepts and makes it much easier for
users. It will then translate these concepts into iptables rules and
apply them for the user.
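As an added illustration (not firewalld's own code or output, and not part of the original thread), the POSIX shell script below sketches what the answer above describes: a firewalld zone concept (an interface plus a list of services) rendered as the kind of iptables-restore rule set that iptables-services loads from /etc/sysconfig/iptables, plus a check that the two packages are not both enabled. The service-to-port table, the chain layout and the function names are simplified assumptions; firewalld's real generated rules use its own chains (per-zone chains and so on), so do not read this as its actual output.

```shell
#!/bin/sh
# Added example, not firewalld's code. Shows the idea "firewalld turns zone
# concepts into iptables rules" by emitting an iptables-restore style rule
# set from a zone description, and checks the "never both enabled" rule.

# Map a firewalld service name to "proto port". Constructed lookup; the
# real definitions live in /usr/lib/firewalld/services/*.xml.
service_to_port() {
  case "$1" in
    ssh)   echo "tcp 22" ;;
    http)  echo "tcp 80" ;;
    https) echo "tcp 443" ;;
    dns)   echo "udp 53" ;;
    *)     return 1 ;;
  esac
}

# Emit iptables-restore rules for one zone bound to one interface.
# Layout is an assumption: default-drop INPUT, allow loopback and
# established traffic, then one ACCEPT per service.
# usage: zone_to_iptables <iface> <service>...
zone_to_iptables() {
  iface=$1; shift
  echo "*filter"
  echo ":INPUT DROP [0:0]"
  echo ":FORWARD DROP [0:0]"
  echo ":OUTPUT ACCEPT [0:0]"
  echo "-A INPUT -i lo -j ACCEPT"
  echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for svc in "$@"; do
    pp=$(service_to_port "$svc") || { echo "unknown service: $svc" >&2; return 1; }
    proto=${pp% *}; port=${pp#* }
    echo "-A INPUT -i $iface -p $proto -m $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  echo "COMMIT"
}

# firewalld and iptables-services must not both manage the firewall.
# Takes the two `systemctl is-enabled` results as arguments so it runs
# offline; on a real host pass "$(systemctl is-enabled firewalld)" and
# "$(systemctl is-enabled iptables)".
check_exclusive() {
  fw=$1; ipt=$2
  if [ "$fw" = enabled ] && [ "$ipt" = enabled ]; then
    echo "conflict: firewalld and iptables-services both enabled"
    return 1
  fi
  echo ok
}

# Stand-alone demo: a "public"-like zone on eth0 with ssh and http.
zone_to_iptables eth0 ssh http
check_exclusive enabled disabled
```

The generated text is in the format `iptables-restore` reads, so it could be saved as /etc/sysconfig/iptables and loaded by iptables-services; that only makes sense on a host where firewalld is disabled, since otherwise firewalld will overwrite the rules when it starts or reloads.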
_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org