-   Fedora (
-   -   firewalld (

sunveer 02-03-2013 08:32 AM

Fedora wiki says:
"The current firewall model is static and every change requires a complete firewall restart. This includes also to unload the firewall netfilter kernel modules and to load the modules that are needed for the new configuration. The unload of the modules is breaking stateful firewalling and established connections.

The firewall daemon on the other hand manages the firewall dynamically and applies changes without restarting the whole firewall. Therefore there is no need to reload all firewall kernel modules"

How is it so that changes are applied dynamically?

jpopelka 02-03-2013 04:41 PM

All the "firewalls" (see for example for linux are actually a front-ends to iptables tool which sets the firewall in kernel. AFAIC the result of all of them is a list of rules that can be read by iptables-restore command. Type iptables-save in terminal and you'll see what list I'm talking about. So whenever you modify firewall with these ("static") "firewalls" you flush all the old rules and read and apply all the new rules.

The "dynamic" in case of firewalld means that with each change you do, firewalld applies only the one change and do not recreate the firewall from scratch. It does that with iptables. For example it runs 'iptables -A ...' if you've allowed some service or 'iptables -D ...' if you've removed some service.

All times are GMT -5. The time now is 02:04 AM.