Firewalld documentation website.

Since RHEL 7.0, Firewalld has been subject to controversies.

Newcomers find it easy to work with because it masks complexity: ports used by protocols are stored in configuration files, network masquerading is started through the simple –add-masquerade option, permanent and temporary configurations are clearly differentiated with the –permanent argument, etc. No need to remember the various iptables network chains or to be an expert in network packets to enable or disable a given protocol anymore.

However, some seasoned administrators don’t like it because it breaks iptables habits, add new concepts like zones, direct rules, rich rules and make some configurations almost impossible like ipset (to match entire sets of addresses at once) or MAC filtering, at least in the current RHEL 7.x versions.

In one word, Firewalld is generally easier to use than iptables but not always!

As Firewalld is part of the RHCSA & RHCE curriculums, even though iptables can still be used, it’s worth spending some of your time to learn it.

Thomas Woerner, Firewalld‘s author, has created a website to provide some documentation, explain the main concepts and offer some perspective about the future versions of his software: www.firewalld.org.

This is definitely a place to visit.