Firewall (continuous update)

1. Overview of Firewalld

  • firewalld is the default firewall management tool on CentOS 7. It replaces the previous iptables firewall. It also works at the network layer and is a packet-filtering firewall.
  • Both firewalld and iptables are user-mode tools for managing the firewall: they define the firewall's rules, while the packet filtering itself is carried out by the netfilter network filtering subsystem in kernel mode.
  • firewalld is a dynamic firewall management tool that supports network zones, which define the security level of network connections and interfaces. It supports IPv4 and IPv6 firewall settings and Ethernet bridges (which may be used in some advanced services, such as cloud computing), and has two configuration modes: runtime configuration and permanent configuration.

2. The difference between firewalld and iptables

  1. iptables mainly sets rules per interface to determine the security of the network. firewalld is based on zones: different rules are set for different zones to ensure network security, similar to the way a hardware firewall is configured.
  2. iptables stores its configuration in /etc/sysconfig/iptables; firewalld stores its configuration in various XML files in /etc/firewalld/ (loaded with priority) and /usr/lib/firewalld/ (default configuration files).
  3. With iptables, each individual change means clearing all old rules and reading all new rules from /etc/sysconfig/iptables. firewalld does not re-create the rules; it only applies the differences. Therefore, firewalld can change the settings at runtime without losing current connections.
  4. iptables is a static firewall; firewalld is a dynamic firewall.
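
The following Python example is added here and is not part of the original post. It applies the load priority from item 2 to find which XML file defines a zone, then lists the services and ports that file opens, which is a quick way to audit a permanent configuration. It assumes zone files sit in a zones/ subdirectory of each location; the sample files are constructed.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Load priority from the text: /etc/firewalld/ first, then the packaged
# defaults in /usr/lib/firewalld/.
SEARCH_ROOTS = ("/etc/firewalld", "/usr/lib/firewalld")

def resolve_zone_file(zone, roots=SEARCH_ROOTS):
    """Return the first <root>/zones/<zone>.xml that exists, else None."""
    if not zone or "/" in zone or zone.startswith("."):
        raise ValueError(f"invalid zone name: {zone!r}")
    for root in roots:
        candidate = Path(root) / "zones" / f"{zone}.xml"
        if candidate.is_file():
            return candidate
    return None

def read_zone(zone, roots=SEARCH_ROOTS):
    """Summarise a zone's permanent definition: file used, services, ports."""
    path = resolve_zone_file(zone, roots)
    if path is None:
        raise FileNotFoundError(f"no XML definition for zone {zone!r}")
    root = ET.parse(path).getroot()
    return {
        "file": str(path),
        "services": sorted(s.get("name") for s in root.findall("service")),
        "ports": sorted(f'{p.get("port")}/{p.get("protocol")}' for p in root.findall("port")),
    }

def demo():
    """Build a constructed directory tree and read two zones from it."""
    with tempfile.TemporaryDirectory() as tmp:
        etc, lib = Path(tmp, "etc/firewalld"), Path(tmp, "usr/lib/firewalld")
        for d in (etc, lib):
            (d / "zones").mkdir(parents=True)
        # Constructed sample files, not copied from a real host.
        (lib / "zones/public.xml").write_text(
            '<zone><service name="ssh"/><service name="dhcpv6-client"/></zone>')
        (lib / "zones/dmz.xml").write_text('<zone><service name="ssh"/></zone>')
        (etc / "zones/public.xml").write_text(
            '<zone><service name="ssh"/><port protocol="tcp" port="8443"/></zone>')
        result = {z: read_zone(z, (etc, lib)) for z in ("public", "dmz")}
        for z in result:  # report paths relative to the temporary tree
            result[z]["file"] = str(Path(result[z]["file"]).relative_to(tmp))
        return result

if __name__ == "__main__":
    print(demo())
```

In the sample tree the public zone is read from the /etc/firewalld/ copy, so the packaged default's dhcpv6-client service no longer applies, while dmz falls back to the default file.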

Origin blog.csdn.net/weixin_53567573/article/details/115135305