Linux Tutorials - Herong's Tutorial Examples - v5.41, by Herong Yang
Network Firewall Tools on CentOS
This section provides quick descriptions of 3 major network firewall tools, 'firewalld/firewall-cmd', 'nftables/nft', and 'iptables' on CentOS 8 systems.
After connecting your CentOS system to the Internet, you need to review and revise firewall settings to protect your system.
A CentOS system uses a number of tools to manage the network firewall. Here are 3 major ones:
1. "firewalld" and "firewall-cmd" - A firewall daemon and a CLI (Command Line Interface) that work together as a frontend tool to manage the network firewall. "firewalld" uses "nftables/iptables" as the backend engine.
2. "nftables" and "nft" - A firewall daemon and a CLI (Command Line Interface) that work together as a backend engine for packet filtering and classification. "nftables" uses the "/etc/nftables" directory to store its rules. "nftables" is installed on CentOS 8 by default to replace "iptables".
3. "iptables" - A basic administration tool for IPv4/IPv6 packet filtering and NAT (Network Address Translation) in the Linux kernel. "iptables" uses "/usr/sbin/iptables" to store its rules. "iptables" is now replaced by "nftables" on CentOS 8 systems.
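When reviewing firewall settings, it helps to know which of these layers actually holds the rules. The script below is an added example, not part of the original tutorial: it reads the "FirewallBackend" key from a firewalld.conf file and classifies the text printed by "iptables --version". The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which firewall layer actually holds the rules.

# Print the backend firewalld is configured to use.
# $1 = path to firewalld.conf (normally /etc/firewalld/firewalld.conf)
firewalld_backend() {
    # Last uncommented "FirewallBackend=" line wins; commented lines are skipped.
    backend=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    # Assumption: when the key is absent, firewalld falls back to nftables.
    echo "${backend:-nftables}"
}

# Classify the text printed by `iptables --version`.
iptables_variant() {
    case "$1" in
        *"(nf_tables)"*) echo "nft-shim" ;;    # iptables syntax, nftables engine
        *"(legacy)"*)    echo "legacy" ;;      # original xtables engine
        *)               echo "unlabelled" ;;  # builds before 1.8 print no variant
    esac
}

# One-line summary for a review checklist.
summarize() {   # $1 = firewalld.conf path, $2 = `iptables --version` text
    echo "firewalld backend: $(firewalld_backend "$1"); iptables binary: $(iptables_variant "$2")"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
DefaultZone=public
#FirewallBackend=iptables
FirewallBackend=nftables
EOF
SAMPLE_VERSION='iptables v1.8.4 (nf_tables)'

summarize "$SAMPLE_CONF" "$SAMPLE_VERSION"
# On a live host:
#   summarize /etc/firewalld/firewalld.conf "$(iptables --version)"
```

When the backend is nftables, review firewalld's rules with "nft list ruleset"; "iptables -L" does not display them.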
Here is a diagram that shows how firewalld, nftables/iptables and other tools are related to each other (source: https://firewalld.org).