3

Is there any advantage (other than usability) to using ufw, system-config-firewall-tui, or firewalld rather than just using iptables?

My understanding is that these other programs just simplify iptables.

Mike Gifford

Comment: These are very different programs. ufw is a tool for configuring an iptables firewall, while firewalld is a complete replacement firewall with a different feature set from iptables. – Graham Hill Nov 22 '13 at 09:52

1 Answer

3

It has more to do with the management systems around iptables that each provides. Firewalld, specifically, was designed to make dynamic loading feasible. With the old shell-script-based iptables tools, if you wanted to make a change you would have to 'restart' iptables, which involved taking down all the firewall state and bringing it back up again. Depending on configuration, you could lose connections, tracking state, etc.

Firewalld lets you add entries on-the-fly and avoids these problems. It also allows applications to interface with the firewall with a defined protocol, which makes it more usable for many people and allows packagers to help out the user.

It's also a bit of a pain in the neck for an admin who is used to just editing a text file. The features are a trade-off for ease-of-use at this point. One expects future improvements here.

Bill McGonigle
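The restart-versus-dynamic difference the answer describes, as an added shell example that is not part of the original question or answer. It puts three patterns side by side: the flush-and-rebuild script that the legacy init tools effectively ran, the firewalld runtime/permanent pair, and (going one step beyond the answer) an atomic table replacement with `iptables-restore`, which is how plain iptables can avoid the same gap without firewalld. The `public` zone, the SSH port and the temp-file handling are assumptions for illustration; nothing here is the poster's configuration.

```shell
#!/bin/sh
# Added example, not from the original post. Demonstrates three ways of
# changing a Linux packet filter. Zone name, port and paths are assumed.

# 1. Restart-style script: set the policy, flush, rebuild. Between the
#    flush and the last -A the host runs on the DROP policy alone, so
#    established sessions (including the admin's SSH) stall until the
#    conntrack rule is back. Flushing rules does not itself empty the
#    conntrack table, but legacy init scripts that also unloaded the
#    netfilter modules did, which is the state loss the answer refers to.
restart_style_rules() {
    iptables -P INPUT DROP
    iptables -F INPUT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
}

# 2. firewalld: the runtime change is applied immediately and leaves every
#    other rule untouched. --permanent only writes the config file, so both
#    calls are needed (or --runtime-to-permanent) to keep the running and
#    persistent configurations in sync.
firewalld_add_service() {
    svc="$1"
    firewall-cmd --zone=public --add-service="$svc" &&
    firewall-cmd --zone=public --permanent --add-service="$svc"
}

# 3. Plain iptables without firewalld: iptables-restore swaps in the whole
#    table in one kernel operation, so there is no flush-to-rebuild window.
#    build_ruleset prints the iptables-save format text; apply_ruleset
#    validates it with --test before loading it.
build_ruleset() {
    ssh_port="${1:-22}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport ${ssh_port} -j ACCEPT
COMMIT
EOF
}

apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset "$1" > "$tmp" &&
    iptables-restore --test "$tmp" &&
    iptables-restore "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Check: compare firewalld's view of the zone with the rules the kernel
# actually holds, which is where a mismatch between runtime and permanent
# configuration shows up.
show_state() {
    firewall-cmd --state && firewall-cmd --zone=public --list-all
    iptables -S INPUT
}
```

`build_ruleset 2222` prints a complete `*filter` table with the SSH rule on port 2222; `apply_ruleset` refuses to load it if `iptables-restore --test` rejects the syntax. Both `restart_style_rules` and `apply_ruleset` need root and a real netfilter, while `build_ruleset` runs anywhere.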