On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
On Thu, 30 Oct 2014 03:56:58 +0000
Always Learning <centos@xxxxxxxxxxx> wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
table name.
firewall-cmd with its Windoze-like structure and syntax is definitely
unappealing to many normal firewall users.
If you compare the syntax of the two equivalent commands,
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
and
firewall-cmd --add-service=http
I'd say that the second one appears simpler, more readable, more
intuitive, and less sensitive to typos. No reboot is required for
either. I fail to see what is so unappealing to a user in the second
one. I don't know who is a "normal firewall user". Finally, I don't see
any Windows-like syntax in the second one (AFAIK, Windows doesn't have
any syntax, you need to click your way through menus and checkboxes and
stuff to tweak the firewall in Windows).
To do this in cmd line on Windows:
netsh advfirewall firewall add rule name=httpd dir=in \
localport=80 protocol=tcp enable=yes \
profile=private,domain \
remoteip=192.168.1.1,192.168.2.1 action=allow
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
