Hello,   I am new to firewalld and I have a some questions because I am curious about it.   First, the documentation says that firewalld can have multiple backends. I find it strange that the image on that documentation page lists such different things such as iptables, ebtables and NetworkManager. I imagine that the way firewalld interacts with iptables/ebtables/etc. is completely different that the way it interacts with NetworkManager. I'm confused why NetworkManager is called a "backend" in that case.

Second, I have a computer running Centos 7. I can see that the iptables is installed, but the service (systemctl status iptables) is not part of the OS. I also know that on Centos 7 firewalld interfaces with iptables. My questions is, why is firewalld interfacing with iptables if the iptables service is not even installed? What's the point in doing that? I'm not an expert in the area, so I would really thank you if you could give me a hint or an explanation. I'm confused how iptables can still be relevant if the service is not there for systemd. How is iptables changing anything in that scenario?

Thank you very much for your answer! Now I am curious to use NFTables with firewalld. I couldnt find documentation explaining how to upgrade. These are my specs:   CentOS 7.5 firewalld 0.4.4.4 NFTables installed (according to "modinfo nf_tables")

  Do I need to install the new version (0.6.2) firewalld from the tarball on the website or is there an easier way? 03.10.2018, 08:41, "Eric Garver" <egarver(a)redhat.com&gt;: On Tue, Oct 02, 2018 at 10:08:52PM -0400, Igor Kapushkin wrote:     Hello,           I am new to firewalld and I have a some questions because I am curious     about it.           First, the documentation says that firewalld can have multiple backends. I     find it strange that the image on that documentation page lists such     different things such as iptables, ebtables and NetworkManager. I imagine     that the way firewalld interacts with iptables/ebtables/etc. is completely     different that the way it interacts with NetworkManager. I'm confused why     NetworkManager is called a "backend" in that case. "backend" often just means "something not directly exposed to the user". Firewalld communicates with NetworkManager to manage interface to zone assignments (e.g. --add-interface). When referring to a FirewallBackend there are two options; iptables and nftables. In Firewalld, nftables support is very new. These are the low level firewall implementation offered by the OS (Linux). Firewalld provides an abstraction over these.     Second, I have a computer running Centos 7. I can see that the iptables is     installed, but the service (systemctl status iptables) is not part of the     OS. I also know that on Centos 7 firewalld interfaces with iptables. My     questions is, why is firewalld interfacing with iptables if the iptables     service is not even installed? What's the point in doing that? I'm not an     expert in the area, so I would really thank you if you could give me a     hint or an explanation. I'm confused how iptables can still be relevant if     the service is not there for systemd. How is iptables changing anything in     that scenario? They are two different packages that manage the underlying iptables firewall in different ways. They should never be used simultaneously. iptables-services is a package to maintain persistent iptables rules. At startup it will apply rules in /etc/sysconfig/iptables. If you use it, you must manually write iptables rules. Firewalld abstracts firewall concepts and makes it much easier for users. It will then translate these concepts into iptables rules and apply them for the user. _______________________________________________ firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora... References Visible links . mailto:firewalld-users@lists.fedorahosted.org . mailto:firewalld-users-leave@lists.fedorahosted.org . https://getfedora.org/code-of-conduct.html . https://fedoraproject.org/wiki/Mailing_list_guidelines . https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...

_______________________________________________ firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...