Här är lite information om Firewalld
Firewalld provides a dynamically managed firewall with support for network/firewall zones that defines the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings, ethernet bridges and IP sets. There is a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly.
The former firewall model with system-config-firewall/lokkit was static and every change required a complete firewall restart. This included also to unload the firewall netfilter kernel modules and to load the modules that are needed for the new configuration. The unload of the modules was breaking stateful firewalling and established connections. The firewall daemon on the other hand manages the firewall dynamically and applies changes without restarting the whole firewall. Therefore there is no need to reload all firewall kernel modules. But using a firewall daemon requires that all firewall modifications are done with that daemon to make sure that the state in the daemon and the firewall in kernel are in sync. The firewall daemon can not parse firewall rules added by the iptables and ebtables command line tools. The daemon provides information about the current active firewall settings via D-BUS and also accepts changes via D-BUS using PolicyKit authentication methods.
So, firewalld uses zones and services instead of chain and rules for performing the operations and it can manages rule(s) dynamically allowing updates & modification without breaking existing sessions and connections.
It has following features.
D-Bus API.
Timed firewall rules.
Rich Language for specific firewall rules.
IPv4 and IPv6 NAT support.
Firewall zones.
IP set support.
Simple log of denied packets.
Direct interface.
Lockdown: Whitelisting of applications that may modify the firewall.
Support for iptables, ip6tables, ebtables and ipset firewall backends.
Automatic loading of Linux kernel modules.
Integration with Puppet.
Men förklara du gärna hur ip tables fungerar om du har lust.
