What are the differences between iptables and firewalld, and how to switch from one to the other to manage the host firewall rules (RHEL 7)

The essential differences between firewalld and the iptables (and ip6tables) services are:
  • The iptables service stores its configuration in /etc/sysconfig/iptables and /etc/sysconfig/ip6tables, while firewalld stores it in various XML files under /usr/lib/firewalld/ and /etc/firewalld/. Note that /etc/sysconfig/iptables does not exist on a default installation, because Red Hat Enterprise Linux 7 installs firewalld rather than the iptables service by default.

  • With the iptables service, every change means flushing all the old rules and reading all the new rules back from /etc/sysconfig/iptables, whereas firewalld does not recreate the whole rule set: only the differences are applied. Consequently, firewalld can change its settings at runtime without dropping existing connections.

To use iptables and ip6tables instead of firewalld

systemctl disable firewalld
systemctl stop firewalld

yum install iptables-services

systemctl start iptables
systemctl start ip6tables

systemctl enable iptables
systemctl enable ip6tables

To use firewalld instead of iptables/ip6tables

systemctl stop iptables
systemctl stop ip6tables

systemctl disable iptables
systemctl disable ip6tables

yum install firewalld

systemctl start firewalld
systemctl enable firewalld
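The two procedures above, wrapped in a small POSIX shell script (an added example, not part of the original note or of either project). It assumes a RHEL 7 host with systemd and yum, root privileges, and the package names used above. Two choices are mine: the package is installed before the running service is stopped, because firewalld removes its rules when it stops (CleanupOnExit=yes is the firewalld.conf default), so the time between stopping one service and starting the other is a window with no host filtering; and the rule set currently loaded in the kernel is snapshotted with iptables-save before anything is flushed. The function and variable names (plan_switch_to, check_exclusive, backup_rules, switch_firewall_backend, DRY_RUN) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original note): switch a RHEL 7 host between the
# firewalld and iptables/ip6tables services with a few guard rails.
# Assumptions: systemd + yum, run as root, package names as in the note above.

# Pure helper: print, one per line, the commands needed to move to TARGET
# ("iptables" or "firewalld"). Keeping this side-effect free lets the plan be
# reviewed (or unit-tested) without touching the host.
plan_switch_to() {
    case "$1" in
        iptables)
            # Install first so the new service can start right after firewalld
            # stops: firewalld flushes its own rules on stop (CleanupOnExit=yes),
            # so every second between the two is a window with no filtering.
            printf '%s\n' \
                'yum -y install iptables-services' \
                'systemctl disable firewalld' \
                'systemctl stop firewalld' \
                'systemctl start iptables' \
                'systemctl start ip6tables' \
                'systemctl enable iptables' \
                'systemctl enable ip6tables'
            ;;
        firewalld)
            printf '%s\n' \
                'yum -y install firewalld' \
                'systemctl stop iptables' \
                'systemctl stop ip6tables' \
                'systemctl disable iptables' \
                'systemctl disable ip6tables' \
                'systemctl start firewalld' \
                'systemctl enable firewalld'
            ;;
        *)
            echo "unknown target: $1 (expected iptables or firewalld)" >&2
            return 2
            ;;
    esac
}

# Pure helper: given the boot-time state of firewalld and of the iptables
# service as printed by `systemctl is-enabled` ("enabled", "disabled", ...),
# return 0 when exactly one backend owns the rules, 1 when both are enabled
# (they would fight over the same netfilter tables) and 2 when neither is
# (no host firewall after the next reboot).
check_exclusive() {
    fw="$1"; ipt="$2"
    if [ "$fw" = enabled ] && [ "$ipt" = enabled ]; then
        return 1
    elif [ "$fw" != enabled ] && [ "$ipt" != enabled ]; then
        return 2
    fi
    return 0
}

# Snapshot the rule set currently loaded in the kernel before anything is
# flushed. iptables-save works no matter which service loaded the rules.
backup_rules() {
    dir="${1:-/root/firewall-backup-$(date +%Y%m%d%H%M%S)}"
    mkdir -p "$dir"
    iptables-save  > "$dir/iptables.rules"
    ip6tables-save > "$dir/ip6tables.rules"
    echo "$dir"
}

# Execute the plan for TARGET, or only print it when DRY_RUN=1.
switch_firewall_backend() {
    target="$1"
    plan="$(plan_switch_to "$target")" || return $?
    [ "${DRY_RUN:-0}" = 1 ] || backup_rules >/dev/null
    echo "$plan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        [ "${DRY_RUN:-0}" = 1 ] || $cmd
    done
}

# Usage (as root):  switch_firewall_backend iptables
# Review only:      DRY_RUN=1 switch_firewall_backend firewalld
# Afterwards, confirm exactly one backend is enabled for boot:
#   check_exclusive "$(systemctl is-enabled firewalld)" "$(systemctl is-enabled iptables)"
```

Running the plan through a dry run first is worthwhile on any host you do not want to lock yourself out of: the ordered command list is the whole change, and check_exclusive catches the two states the note warns against, both services enabled at boot (they contend for the same netfilter tables) and neither enabled (no firewall after reboot).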

NOTE:

The firewalld package depends on the iptables package. At the kernel level, both rely on the netfilter kernel modules.