I read here that iptables
package is part of the Linux Kernel and that every GUI firewall tools are in the end translated in some kind of iptable
rules.
Now I am setting up Centos 8 server folowing this guide which sets up firewall settings using these lines:
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --reload
Prior to this I could not visit my index page /var/www/html/index.html
using http://xxx.xxx.xxx.xxx/index.html
in my browser. But after this I could visit the site.
I was surprised that there was nothing appended to any of the three chains inside iptables
table. In other words table was completely empty:
[ziga@localhost ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[ziga@localhost ~]$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
It looks like firewall-cmd
is doing something I don't understand and I want to avoid this. Is there a way to achieve exactly the same result that firewall-cmd
by only using iptable
commands?