Running firewalld and a hand-maintained iptables ruleset at the same time is not recommended. firewalld is itself a front end that programs the kernel's packet filter (through nftables on current releases, iptables on older ones), so the two tools end up managing the same kernel tables: rules conflict, become hard to track, and a reload or restart of one tool can silently overwrite what the other configured.
1. Key Differences and Features
firewalld:
- Dynamic Management: Supports the dynamic loading and modification of rules without restarting the service.
- Zone Concept: Simplifies complex network environments by using zones for rule management.
- User-Friendly: Provides a higher level of abstraction, making it suitable for users unfamiliar with iptables.
- Recommended Use Case: Ideal for systems requiring frequent rule changes or managing complex configurations across multiple network zones.
iptables:
- Traditional Tool: A long-established command-line front end to the kernel's Netfilter framework, with no daemon in between; rules are written straight into the kernel tables.
- Highly Controllable: Provides precise and transparent rule management, perfect for experienced administrators familiar with firewall syntax.
- Static Management: Rules take effect immediately when entered but are not persisted by themselves; they must be saved (for example with iptables-save) and restored at boot, so it is better suited to fixed configurations.
- Recommended Use Case: Best for applications needing complete control over rules or systems already leveraging extensive iptables-based configurations.
2. Recommendations
- Use firewalld: For modern and dynamically managed solutions.
- Use iptables: If you are familiar with its structure or have existing configurations heavily reliant on it.
Common firewalld Commands
# Start the firewall
systemctl start firewalld
# Stop the firewall
systemctl stop firewalld
# Restart the firewall
systemctl restart firewalld
# Enable firewall on startup
systemctl enable firewalld
# Disable firewall on startup
systemctl disable firewalld
# Check the status of the firewall
systemctl status firewalld
To open HTTP and HTTPS ports. Note that --permanent writes the rule to the saved configuration but does not change the running firewall; reload afterwards so the rule takes effect now and also survives a restart, then list the active services to confirm:
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
firewall-cmd --list-services
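The following script is an added example, not code from the original page, that wraps the procedure above: it adds the services permanently, reloads so the change is live, and then compares the runtime service list with the permanent one so that a forgotten --reload (services saved but not yet active) is reported rather than discovered when the site stops answering. The FW_CMD variable is a hypothetical hook for this example only; pointing it at echo lets you dry-run the script on a machine without firewalld.

```bash
#!/bin/sh
# Added example (not from the original page). FW_CMD is a hypothetical
# override used here so the script can be dry-run with FW_CMD=echo.
FW_CMD="${FW_CMD:-firewall-cmd}"

# fw_open_services ZONE SERVICE...
# Add each service to the permanent configuration of ZONE, then reload so the
# permanent configuration becomes the running one. Returns non-zero on the
# first failing firewall-cmd call.
fw_open_services() {
    zone="$1"; shift
    for svc in "$@"; do
        "$FW_CMD" --zone="$zone" --add-service="$svc" --permanent || return 1
    done
    "$FW_CMD" --reload
}

# fw_missing_services RUNTIME_LIST PERMANENT_LIST
# Both arguments are space-separated service lists, as printed by
# `firewall-cmd --list-services` and `firewall-cmd --permanent --list-services`.
# Prints the services that are saved but not active (i.e. --permanent was used
# without --reload); prints an empty line when the two agree.
fw_missing_services() {
    runtime=" $1 "
    missing=""
    for svc in $2; do
        case "$runtime" in
            *" $svc "*) ;;                 # active at runtime, fine
            *) missing="$missing $svc" ;;  # saved only
        esac
    done
    printf '%s\n' "${missing# }"
}

# Live usage, only attempted when firewall-cmd is actually installed.
if command -v "$FW_CMD" >/dev/null 2>&1; then
    zone=$("$FW_CMD" --get-default-zone 2>/dev/null) || zone=public
    fw_open_services "$zone" http https || echo "firewall-cmd failed (is firewalld running?)"
    missing=$(fw_missing_services \
        "$("$FW_CMD" --zone="$zone" --list-services 2>/dev/null)" \
        "$("$FW_CMD" --zone="$zone" --permanent --list-services 2>/dev/null)")
    if [ -z "$missing" ]; then
        echo "runtime and permanent configuration agree for zone $zone"
    else
        echo "saved but not active in zone $zone (run firewall-cmd --reload): $missing"
    fi
fi
```

Run it as root on the VPS after a change, or with FW_CMD=echo to see the exact firewall-cmd invocations it would issue. The comparison function is the useful part in day-to-day operation: a service that shows up in the permanent list but not the runtime list is the classic symptom of editing with --permanent and forgetting to reload.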
Note on VPS Configuration
When the firewall is not running correctly, your VPS memory usage may drop to just 300 MB, but your websites become inaccessible! (This was a nightmare experience during a recent VPS upgrade.)