First, the documentation says that firewalld can have multiple backends. I find it strange that the image on that documentation page lists such different things such as iptables, ebtables and NetworkManager. I imagine that the way firewalld interacts with iptables/ebtables/etc. is completely different that the way it interacts with NetworkManager. I'm confused why NetworkManager is called a "backend" in that case.

Second, I have a computer running Centos 7. I can see that the iptables is installed, but the service (systemctl status iptables) is not part of the OS. I also know that on Centos 7 firewalld interfaces with iptables. My questions is, why is firewalld interfacing with iptables if the iptables service is not even installed? What's the point in doing that? I'm not an expert in the area, so I would really thank you if you could give me a hint or an explanation. I'm confused how iptables can still be relevant if the service is not there for systemd. How is iptables changing anything in that scenario?