The active rules are in the kernel's memory.
That memory (the "netfilter" and/or "nf-tables" subsystems) is modified with a tool ('iptables', or 'nft' for nf-tables).
A service uses the tool to load a ruleset (from a file) into the kernel at boot (and later).
The three services (firewalld, nftables, and iptables) are mutually exclusive.
For iptables.service we created the desired ruleset in the kernel with the tool iptables, and then stored that ruleset to a file.
FirewallD is more of a front-end, a UI, that we "talk to", and it uses the iptables tool as a back-end.
Statistics: Posted by jlehtone — 2023/09/10 09:57:35
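Added example (not from the post above): a small lint for the stored ruleset file that iptables.service loads at boot, run before it reaches the kernel. It assumes the file is in the format iptables-save writes (on CentOS typically /etc/sysconfig/iptables, an assumption here); the two rulesets are constructed samples.

```shell
# Constructed samples in iptables-save format; the second one is deliberately
# flawed (nat table never committed, filter chains left open with ACCEPT).
GOOD_RULESET=$(mktemp)
BAD_RULESET=$(mktemp)
cat >"$GOOD_RULESET" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
cat >"$BAD_RULESET" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
EOF

# audit_ruleset FILE: one finding per line on stdout, exit 1 if any were found.
# Every table must end in COMMIT; filter INPUT/FORWARD must be closed by a
# DROP policy or by a trailing unconditional DROP/REJECT rule.
audit_ruleset() {
    awk '
        /^\*/     { cur = substr($0, 2); open[cur] = 1; next }
        /^COMMIT/ { delete open[cur]; next }
        /^:/      { policy[cur ":" substr($1, 2)] = $2; next }
        /^-A /    { closed[cur ":" $2] = ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")); next }
        END {
            for (t in open) { print "table " t " has no COMMIT"; bad = 1 }
            n = split("INPUT FORWARD", chains, " ")
            for (i = 1; i <= n; i++) {
                k = "filter:" chains[i]
                if (k in policy && policy[k] != "DROP" && !closed[k]) {
                    print "filter " chains[i] ": policy " policy[k] ", no terminal DROP/REJECT rule"
                    bad = 1
                }
            }
            exit bad
        }' "$1"
}

audit_ruleset "$GOOD_RULESET" && echo "good ruleset: no findings"
audit_ruleset "$BAD_RULESET" || echo "bad ruleset: see findings above"
```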