Re: Firewalld and iptables




--On Friday, December 14, 2018 11:48 PM -0500 Jon LaBadie <jcu@xxxxxxxxxx> wrote:

I don't play with iptables, so I assume it is a legacy
continued from CentOS 6.x.  I'll gladly remove the
iptables service package.

firewalld is a user-space layer on top of the kernel's iptables machinery. It provides for dynamic changes to the underlying iptables firewall. The old firewall configuration (iptables.service, previously implemented as an initscript in older CentOS versions) assumed a static firewall that was loaded once at boot time. Changes required flushing the entire set of rules and starting again, but that would disrupt running network applications. Firewalld is a higher level description that is able to add and remove rules on a running machine without disrupting applications. It still uses the iptables machinery under the hood. It's good for dynamic systems like mobile devices where interfaces come and go and the device changes networks frequently.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
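
The distinction described in the message above, as an added example that is not part of the original post: a check for which of the two services owns the ruleset, and a firewalld change applied to the running firewall and then persisted. It assumes a systemd host with `firewall-cmd` available; the function names and the `FIREWALL_CMD` override are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes a systemd host (e.g. CentOS 7)
# where firewalld.service and iptables.service may both be installed.
# FIREWALL_CMD is a hypothetical override so the functions can be run against a stub.

# Print "<enabled-state>/<active-state>" for one unit; a missing unit reads "absent/inactive".
unit_state() {
    en=$(systemctl is-enabled "$1" 2>/dev/null) || true
    act=$(systemctl is-active "$1" 2>/dev/null) || true
    printf '%s/%s\n' "${en:-absent}" "${act:-inactive}"
}

# True when the unit is enabled at boot or currently active.
in_use() {
    case $1 in enabled/*|*/active) return 0 ;; *) return 1 ;; esac
}

# Print which service manages the kernel rules: firewalld, iptables, conflict or none.
firewall_manager() {
    fw=$(unit_state firewalld.service)
    ipt=$(unit_state iptables.service)
    if in_use "$fw" && in_use "$ipt"; then
        echo conflict      # both claim the ruleset: stop and disable one of them
    elif in_use "$fw"; then echo firewalld
    elif in_use "$ipt"; then echo iptables
    else echo none
    fi
}

# Open a service with firewalld without flushing and reloading the ruleset.
open_service() {
    svc=$1; zone=${2:-public}
    # Runtime change: applied to the running firewall immediately.
    "${FIREWALL_CMD:-firewall-cmd}" --zone="$zone" --add-service="$svc" || return 1
    # Permanent change: written to the stored configuration for the next reload or boot.
    "${FIREWALL_CMD:-firewall-cmd}" --permanent --zone="$zone" --add-service="$svc"
}

# Usage on a real host (as root):  firewall_manager && open_service https
```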


