On 4/28/20 5:15 AM, Chris Adams wrote:
Once upon a time, Samuel Sieb <samuel@sieb.net> said:
I still make my own iptables scripts, mostly using fwbuilder. I think it might be possible to add the dynamic rules I would like to have if I switch to firewalld, but I haven't had the time for that yet. And then there's nftables, which is the new replacement for iptables.
Just to clear up some misconception: firewalld is not a replacement for iptables. firewalld is a front-end to iptables, similar to shorewall and some other firewall management tools. firewalld (and shorewall and so on) is a replacement for manually writing rules and putting them in /etc/sysconfig/iptables though.
I hope you didn't think I was implying otherwise. I was just saying that firewalld might be able to replace me having to write my own iptables scripts. I also mentioned nftables.