I read here that iptables package is part of the Linux Kernel and that every GUI firewall tools are in the end translated in some kind of iptable rules.
Now I am setting up Centos 8 server folowing this guide which sets up firewall settings using these lines:
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --reload
Prior to this I could not visit my index page /var/www/html/index.html using http://xxx.xxx.xxx.xxx/index.html in my browser. But after this I could visit the site.
I was surprised that there was nothing appended to any of the three chains inside iptables table. In other words table was completely empty:
[ziga@localhost ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[ziga@localhost ~]$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
It looks like firewall-cmd is doing something I don't understand and I want to avoid this. Is there a way to achieve exactly the same result that firewall-cmd by only using iptable commands?
0 Answers