Mastering Linux Security and Hardening

firewalld for Red Hat systems

So far, we've looked at iptables, a generic firewall management system that's available on all Linux distros, and ufw, which is available for Debian/Ubuntu-type systems. For our next act, we turn our attention to firewalld, which is the default firewall manager on Red Hat Enterprise Linux 7/8 and all of their offspring.

But here's where things get a bit confusing. On RHEL/CentOS 7, firewalld is implemented differently from the way it is on RHEL/CentOS 8. That's because, on RHEL/CentOS 7, firewalld uses the iptables engine as its backend. On RHEL/CentOS 8, firewalld uses nftables as its backend. Either way, you can't create rules with normal iptables or nftables commands because firewalld stores the rules in an incompatible format.

Until very recently, firewalld was only available for RHEL 7/8 and their offspring. Now, however, firewalld is also available in the Ubuntu repositories. So, if you want to run firewalld on Ubuntu, you finally have that choice.

If you're running Red Hat or CentOS on a desktop machine, you'll see that there is a GUI frontend for firewalld in the applications menu. On a text-mode server, though, all you have is the firewalld commands. For some reason, the Red Hat folk haven't created an ncurses-type program for text-mode servers as they did for iptables configuration on older versions of Red Hat.

A big advantage of firewalld is the fact that it's dynamically managed. That means that you can change the firewall configuration without restarting the firewall service, and without interrupting any existing connections to your server.
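The runtime-versus-permanent split is the practical consequence of that dynamic management. The script below is an added example, not the book's own code: it opens a service in the live ruleset through firewalld's command-line client, firewall-cmd, then persists it, without ever restarting the daemon. The FWCMD variable is an assumed hook so the function can be exercised against a stub instead of a live firewall.

```shell
#!/bin/sh
# Added example, not from the book: open a service in firewalld without restarting
# the daemon, then persist it. Assumes firewalld is running and uses its
# command-line client, firewall-cmd. FWCMD is an assumed hook so the function can
# be exercised against a stub instead of a live firewall.
FWCMD="${FWCMD:-firewall-cmd}"

# open_service SERVICE [ZONE]
# Sets OPEN_SERVICE_RESULT to "already-open" or "opened-and-persisted" (and prints
# it). A non-zero exit means one of the firewall-cmd calls failed.
open_service() {
    svc="$1"; zone="${2:-}"

    # 1. Query the *runtime* (live) ruleset. It can differ from the saved one:
    #    runtime-only changes vanish on reload or reboot.
    if "$FWCMD" ${zone:+--zone=$zone} --query-service="$svc" >/dev/null 2>&1; then
        OPEN_SERVICE_RESULT="already-open"
        echo "$OPEN_SERVICE_RESULT"
        return 0
    fi

    # 2. Change the runtime config: applied immediately, no service restart,
    #    existing connections are left alone (the "dynamic" part).
    "$FWCMD" ${zone:+--zone=$zone} --add-service="$svc" >/dev/null || return 1

    # 3. Copy the whole runtime config into the permanent one so it survives
    #    'firewall-cmd --reload' and reboots.
    "$FWCMD" --runtime-to-permanent >/dev/null || return 1

    # 4. Verify against the *permanent* config, not the runtime one.
    "$FWCMD" ${zone:+--zone=$zone} --permanent --query-service="$svc" >/dev/null 2>&1 \
        || return 1

    OPEN_SERVICE_RESULT="opened-and-persisted"
    echo "$OPEN_SERVICE_RESULT"
}

# Stand-alone use against a live firewalld:  sh open_service.sh http [zone]
if [ $# -gt 0 ] && [ "$FWCMD" = firewall-cmd ]; then
    "$FWCMD" --state                          # prints "running" if the daemon is up
    open_service "$@"
    echo "runtime services:   $("$FWCMD" ${2:+--zone=$2} --list-services)"
    echo "permanent services: $("$FWCMD" ${2:+--zone=$2} --permanent --list-services)"
fi
```

Run it twice with the same service and the second call reports already-open, which is what makes it safe to drop into configuration management.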

Before we look at the differences between the RHEL/CentOS 7 and the RHEL/CentOS 8 versions of firewalld, let's look at the stuff that's the same for both.