Comparison of Firewalld to system-config-firewall and iptables
The essential difference between firewalld and iptables service are:
-
The iptables service stores configuration in
/etc/sysconfig/iptableswhile firewalld stores it in various XML files in/usr/lib/firewalld/and/etc/firewalld/. Note that the/etc/sysconfig/iptablesdoes not exist as firewalld is installed be default on Fedora. -
With the iptables service, every single change means flushing all the old rules and reading all the new rules from
/etc/sysconfig/iptableswhile with firewalld there is no re-creating of all the rules; only the differences are applied. Consequenly, firewalld can change the settings during run time without existing connections being lost
Both use iptables tool to talk to the kernel packet filter.