User:Wjn/Firewalld

firewalld is a firewall service daemon with a D-Bus interface.

Official site

 * Homepage - http://www.firewalld.org/
 * GitHub - https://github.com/t-woerner/firewalld

packages
These packages are necessary


 * net-firewall/iptables[ipv6]
 * net-firewall/ebtables
 * net-firewall/ipset

Note: net-firewall/ipset can provide a kernel module as well as a command. If it is built with the modules USE flag disabled (net-firewall/ipset[-modules]), the modules must be provided by the Linux kernel.

kernel configuration
I haven't investigated this closely, but these modules are loaded automatically on my system.


 * ebtable_broute
 * ebtable_filter
 * ebtable_nat
 * ebtables
 * ip6_tables
 * ip6t_REJECT
 * ip6t_rpfilter
 * ip6table_filter
 * ip6table_mangle
 * ip6table_raw
 * ip_set
 * ip_tables
 * ipt_REJECT
 * iptable_filter
 * iptable_mangle
 * iptable_nat
 * iptable_raw
 * nf_conntrack
 * nf_conntrack_broadcast
 * nf_conntrack_ipv4
 * nf_conntrack_ipv6
 * nf_conntrack_netbios_ns
 * nf_defrag_ipv4
 * nf_defrag_ipv6
 * nf_nat
 * nf_nat_ipv4
 * nf_reject_ipv4
 * nf_reject_ipv6
 * nfnetlink
 * x_tables
 * xt_CT
 * xt_conntrack
 * xt_tcpudp
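
As an added example (not part of the original page), the shell function below reports which of the modules listed above are neither loaded nor built into the kernel, which helps when firewalld fails to start on a custom kernel. The names missing_modules, demo and FIREWALLD_MODULES are this example's own, and the sample data in demo is constructed.

```shell
#!/bin/sh
# Module names copied from the list above.
FIREWALLD_MODULES="ebtable_broute ebtable_filter ebtable_nat ebtables
ip6_tables ip6t_REJECT ip6t_rpfilter ip6table_filter ip6table_mangle
ip6table_raw ip_set ip_tables ipt_REJECT iptable_filter iptable_mangle
iptable_nat iptable_raw nf_conntrack nf_conntrack_broadcast
nf_conntrack_ipv4 nf_conntrack_ipv6 nf_conntrack_netbios_ns nf_defrag_ipv4
nf_defrag_ipv6 nf_nat nf_nat_ipv4 nf_reject_ipv4 nf_reject_ipv6 nfnetlink
x_tables xt_CT xt_conntrack xt_tcpudp"

# Print every listed module that is neither loaded nor built in.
# $1: file in /proc/modules format (default: /proc/modules)
# $2: modules.builtin file (default: the running kernel's)
missing_modules() {
    loaded_file=${1:-/proc/modules}
    builtin_file=${2:-/lib/modules/$(uname -r)/modules.builtin}
    for mod in $FIREWALLD_MODULES; do
        # /proc/modules: the module name is the first field; match it exactly
        # so that nf_conntrack does not also satisfy nf_conntrack_ipv4.
        if [ -r "$loaded_file" ] && awk -v m="$mod" \
            '$1 == m { found = 1 } END { exit !found }' "$loaded_file"; then
            continue
        fi
        # modules.builtin: one path per line, e.g. kernel/net/.../x_tables.ko;
        # file names may use '-' where the module name uses '_'.
        if [ -r "$builtin_file" ] && awk -F/ -v m="$mod" \
            '{ n = $NF; sub(/\.ko.*$/, "", n); gsub(/-/, "_", n)
               if (n == m) found = 1 } END { exit !found }' "$builtin_file"; then
            continue
        fi
        printf '%s\n' "$mod"
    done
}

# Constructed sample data (not from a real system): two modules loaded and
# one built in, so the other 30 modules on the list are reported.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'x_tables 40960 5 xt_CT,xt_conntrack, Live 0x0000000000000000' \
        'nf_conntrack 139264 2 xt_CT,nf_nat, Live 0x0000000000000000' \
        > "$tmp/modules"
    printf '%s\n' 'kernel/net/netfilter/nfnetlink.ko' > "$tmp/builtin"
    missing_modules "$tmp/modules" "$tmp/builtin"
    rm -rf "$tmp"
}
```

Calling missing_modules with no arguments checks the running system; a module it reports may simply not have been needed yet, so read the result together with the firewalld log.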

services

 * Start: rc-service firewalld start (OpenRC) or systemctl start firewalld (systemd)
 * Enable at boot: rc-update add firewalld default (OpenRC) or systemctl enable firewalld (systemd)

debug

 * Logs are at /var/log/firewalld
 * Run iptables -L -n, ip6tables -L -n and ebtables -L to see the rules that are actually loaded

GUI interface
firewalld version 0.4.4 or later depends on GTK+:3 and PyQt5. Older versions depend on GTK+:3 and PyQt4.

firewalld vs ufw

 * firewalld is used in RHEL/CentOS 7. ufw is used in Ubuntu.
 * firewalld is much more functional.
 * ufw is very simple. It's for newbies.

I prefer executing iptables directly to executing ufw.