Quote:
Originally Posted by acidblue
I have an unusual situation that I have a VPS with CentOS 7 installed, but it has iptables instead of firewalld.
|
Congratulations, that's one of the sane changes I apply to any new RHEL / CentOS-7...
Quote:
Originally Posted by acidblue
I want to replace iptables with firewalld
|
First of all, please note that under the hood nothing has changed at all (yet) and any user land tool still interfaces with the in-kernel Netfilter framework. Secondly, if you potentially misread this kind of deliberately crippled "information":
Quote:
With the iptables service, every single change means flushing all the old rules and reading all the new rules from /etc/sysconfig/iptables while with firewalld there is no re-creating of all the rules; only the differences are applied. Consequently, firewalld can change the settings during run time without existing connections being lost.
|
then you might argue "the iptables service" isn't any good. Well, that's nice but it's wrong, as you can easily and dynamically change iptables rule sets from the command line without having to reload the complete rule set. Third: have you read any firewalld documentation or firewalld vs iptables comparisons? Are there any features you likely need on your server? Have you checked apps you regularly use (like for example fail2ban) if they already support firewalld?
Quote:
Originally Posted by acidblue
Could I get some advice
|
If your current iptables setup doesn't require any features firewalld uniquely offers then why use it?..
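The reply's point that iptables rule sets can be changed at run time without reloading the complete rule set, as an added example that is not part of the original post: this script diffs two `iptables-save` dumps and prints only the `iptables -D` / `iptables -I` commands needed to get from one to the other. The sample rule sets and the function names are constructed for illustration; it assumes both dumps contain a `*table` line and that chain creation and policies are unchanged.

```python
import difflib

# Constructed sample: running rules as printed by `iptables-save`.
RUNNING = """*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Constructed target: close port 21, open 443 ahead of the final REJECT.
DESIRED = RUNNING.replace("--dport 21 ", "--dport 443 ")

def parse_save(text):
    """Return {(table, chain): [rule-spec, ...]} from iptables-save output."""
    chains, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *filter
            table = line[1:]
        elif line.startswith(":"):          # chain declaration with policy
            chains.setdefault((table, line[1:].split()[0]), [])
        elif line.startswith("-A "):        # one rule, in chain order
            _, chain, spec = line.split(" ", 2)
            chains.setdefault((table, chain), []).append(spec)
    return chains

def incremental_commands(running, desired):
    """Commands that turn `running` into `desired` without a flush/reload."""
    old, new, cmds = parse_save(running), parse_save(desired), []
    for key in sorted(set(old) | set(new)):
        table, chain = key
        a, b = old.get(key, []), new.get(key, [])
        pos = 1                             # 1-based rule number in the live chain
        matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag == "equal":              # untouched rules stay loaded
                pos += i2 - i1
                continue
            for _ in range(i2 - i1):        # each delete shifts later rules up
                cmds.append(f"iptables -t {table} -D {chain} {pos}")
            for spec in b[j1:j2]:           # insert keeps the intended order
                cmds.append(f"iptables -t {table} -I {chain} {pos} {spec}")
                pos += 1
    return cmds

if __name__ == "__main__":
    print("\n".join(incremental_commands(RUNNING, DESIRED)))
```

The commands are only printed, not executed, and the rule numbers are valid only when they are run in the printed order against the rule set the diff was computed from.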