best way to configure a firewall on RHEL7

sigint-ninja · 11-15-2016, 12:36 AM

hi guys,

read this:

The RHCSA objective does not define which tool you should use to create firewall rules. It just mentions that you should be able to create firewall rules by using iptables, firewall-config, or firewall-cmd. So, you do not have to be able to work with each of these tools; you just have to be able to configure a firewall with the tool that works best for you.

what would you recommend and why?
iptables
firewall-config
firewall-cmd

thanks

tshikose · 11-15-2016, 05:37 AM

Hi,

My recommendation is firewall-cmd.
iptables is still good, but it is the past.

TB0ne · 11-16-2016, 07:41 AM

Quote:

Originally Posted by sigint-ninja

hi guys,
read this:

The RHCSA objective does not define which tool you should use to create firewall rules. It just mentions that you should be able to create firewall rules by using iptables, firewall-config, or firewall-cmd. So, you do not have to be able to work with each of these tools; you just have to be able to configure a firewall with the tool that works best for you.

what would you recommend and why?
iptables
firewall-config
firewall-cmd

I wouldn't recommend any of them...because it's YOU taking the exam. Since you have the flexibility to choose one, the best and most obvious answer is for you to read about/try/study all three, and figure out which one you can use best. If all three do the same things, and your objective is to pass an exam, then whichever you find you can work with easiest, use.

sigint-ninja · 11-28-2016, 04:54 PM

so tbone,

it doesnt really matter? they all accomplish the same thing
but isnt there pros and cons to doing thins differently?
the previous poster said iptables is in the past...do you agree?

AwesomeMachine · 11-28-2016, 08:14 PM

I believe all three options use iptables. The other two simply parse iptables rules. Once I started using iptables directly it was so much easier to lock down a network exactly the way I wanted that I just kept using it.

John VV · 11-28-2016, 10:17 PM

use bash

TB0ne · 11-29-2016, 07:16 AM

Quote:

Originally Posted by sigint-ninja

so tbone,
it doesnt really matter? they all accomplish the same thing but isnt there pros and cons to doing thins differently? the previous poster said iptables is in the past...do you agree?

You either didn't read what I posted, or missed the point.

To break it down:

YOU are wanting to take a 'certification' exam.
YOU have the choice of tools to use to accomplish a task
YOU are going to have to decide what is easiest for YOU to use
And the only way to determine what is better for YOU is for YOU to actually use both tools

There is no 'right' answer for anyone to give you...this is like asking someone, "Is the CLI easier than the GUI to use?" Depends on the user, and what THEY are comfortable with.

sigint-ninja · 12-04-2016, 04:45 PM

ok with you TBONE thanks...understand now.

lazydog · 12-05-2016, 12:26 PM

Quote:

Originally Posted by sigint-ninja

the previous poster said iptables is in the past...do you agree?

Just because someone say something doesn't make it true. But here are some true statements for you.

Redhat does everything to try and stand out even to the point of trying to make the way they do things the standard.

Since you are taking the test you need to decide what works best for you and what you can use to complete the task at hand in a timely matter as in the end that is what counts, complete each task correctly in a timely matter.