On 2024-08-08 23:13, Curtis J Blank wrote:
> I said I had reasons. For one, it would be kind of difficult to have a program that runs in real time monitoring network hacking attempts use a GUI, per your suggestion, to add a rule to block the IP address of the perpetrator. This is a very dynamic application that responds and blocks these attempts typically within 2 seconds.

I didn't say that firewalld runs inside a GUI, only that it is easier to set up the IPsets in the GUI. Firewalld itself runs as a systemd service. But from what you say now, it seems likely that you should stick with what you know, since it's working for you now.

You should be aware that firewalld and iptables appear to work independently of each other; therefore, what is done when you add a new rule in iptables isn't even known to firewalld. At this point, I suggest you stick with what you know -- do everything in iptables, and leave firewalld alone until you have had a chance to study it and learn how to do what you want with it.

PS, it is not necessary to send me a personal copy of your replies. In fact, I would prefer if you do not send any to me.