On 3/20/21 11:11 AM, Carlos E. R. wrote:
On 2021-03-19 at 23:09 -0500, David C. Rankin wrote:
I've always liked iptables and managing the
rules directly. For
here is a reasonably helpful page.
The reason I prefer managing the rules directly,
is it eliminates the
question whether the front-end you are using is actually doing what
you are telling it to do?
I always found it took about equal time to
either look-up how to do
something in iptables directly or to mess with a firewall front-end
out what it thinks a zone is and if this zone is
applied in the
way I think it is.
Don't get me wrong, I'm not against
front-ends and openSUSE has
done a good
job with firewalld (shorewall before that,
etc...), but if you use
one distribution, you may have to learn multiple
What openSUSE did was using the in-house SuSEfirewall2, not firewalld
nor shorewall ;-)
for firewalld is reasonably good:
Those are the basic pros/cons I see it.
Whichever you use, it just
time (like anything else) to wade through the
examples to the
point where you are comfortable with what it is
doing and how to
for your needs.
If you like using iptables, you should consider using nftables
instead. I'm told it is easier to use and more powerful. And modern.
Carlos E. R.
(from openSUSE 15.2 x86_64 at Telcontar)
Thank you David and Carlos and all those that replied earlier. Sorry
for the late reply, got pulled away by some personal things. Once I
understood that I had to make sure my router was blocking incoming ssh,
then the firewall became a lower priority. But the recommendation to
learn iptables or nftables sounds really good. As you say, reading the
documentation and getting comfortable with it is really the key - and
for Linux in general also. Best regards, Gustav.