-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 El 2021-03-19 a las 23:09 -0500, David C. Rankin escribió: ...
Gustav,
I've always liked iptables and managing the rules directly. For example, here is a reasonably helpful page.
https://www.digitalocean.com/community/tutorials/iptables-essentials-common-...
The reason I prefer managing the rules directly, is it eliminates the question whether the front-end you are using is actually doing what you think you are telling it to do?
I always found it took about equal time to either look-up how to do something in iptables directly or to mess with a firewall front-end and figure out what it thinks a zone is and if this zone is really being applied in the way I think it is.
Don't get me wrong, I'm not against front-ends and openSUSE has done a good job with firewalld (shorewall before that, etc...), but if you use more than one distribution, you may have to learn multiple front-ends.
What openSUSE did was using the in-house SuSEfirewall2, not firewalld nor shorewall ;-)
The documentation for firewalld is reasonably good:
https://firewalld.org/documentation/
Those are the basic pros/cons I see it. Whichever you use, it just takes time (like anything else) to wade though the documentation and examples to the point where you are comfortable with what it is doing and how to configure it for your needs.
If you like using iptables, you should consider using nftables instead. I'm told it is easier to use and more powerful. And modern. - -- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCYFXKOBwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV+icAnRb+2HYbNCeDhBYr95OV SEut+/OgAJ9IMHBsUqINA0sWCxkh15qw2mTkmA== =pg0Q -----END PGP SIGNATURE-----