CentOS 7 - Networking Support • Re: Using Zones in Firewalld to Block Outbound Access

The active rules are in the kernel's memory.
That memory (the "netfilter" and/or "nf-tables" subsystems) is modified with a tool ('iptables', or 'nft' for nf-tables).
A service uses the tool to load a ruleset (from a file) into the kernel at boot (and later).

The three services (firewalld, nftables, and iptables) are mutually exclusive.

For iptables.service we created the desired ruleset in the kernel with the iptables tool, and then stored that ruleset to a file.

FirewallD is more of a front-end, a UI, that we "talk to", and it uses the iptables tool as its back-end.

Statistics: Posted by jlehtone — 2023/09/10 09:57:35