What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld.service"?

Question

What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld"?

Hope everyone who will answer this to have a great day!

Answer 1

• systemctl restart firewalld will kill the process and start a new one.

• firewall-cmd --reload will

The reload command drops all runtime configurations and applies a permanent configuration. source

Every configuration without the --permanent flag is a runtime configuration and

Runtime configuration changes are not retained on reboot or upon restarting FirewallD whereas permanent changes are not applied to a running system.

As pointed out by @mircea-vutcovici reloading the firewall rules with firewall-cmd will not cause the system to use a potential new firewalld executable if it has been updated since the last restart of the daemon. However depending on your distribution that might have been done by the package manager when the package has been updated. The documentation states:

To reload firewalld you can either use the command line tool firewall-cmd --reload or you can send the SIGHUP signal to firewalld for example with killall -HUP firewalld.

The killall -HUP firewalld step is executed when running systemctl reload firewalld. Looking at the basic design of firewalld it is essentially a frontend to iptables or similar backends. So killing the firewalld process should not affect the actual firewall rules. So both ways of reloading the firewalld rules have the same effect. I would personally prefer the systemd way for the sake of making sure that the most recent firewalld executable is used.