Firewalld vs. iptables overview-CSDN博客

本文链接：https://blog.csdn.net/fareast_mzh/article/details/141432182

firewalld and iptables are both tools used for configuring firewall rules on Linux systems, but they function at different levels:

Relationship between `firewalld` and `iptables`

iptables: This is a lower-level tool that directly interacts with the Linux kernel’s Netfilter framework. It allows for manual management of firewall rules, defining chains and policies for handling traffic.
firewalld: This is a higher-level tool that provides a dynamic interface for managing firewall rules. It uses the concept of “zones” and abstracts the complexity of managing individual iptables rules. Under the hood, firewalld relies on iptables (or nftables in newer systems) to implement the rules you define, but it simplifies the management of these rules.

When firewalld is running, it manages the iptables rules, so direct modifications using iptables might be overridden unless managed through firewalld itself. In essence, firewalld is a frontend to iptables.

Checking Firewall Open Ports and Open??? Forward Rules

To Check Open Ports in firewalld:
- Run the following command to list all open ports for the active zones:
```
sudo firewall-cmd --list-ports
```
- To see all active zones and their respective open ports:
```
sudo firewall-cmd --list-all-zones
```
To Check Firewall Rules with iptables:
- To list all current iptables rules:
```
sudo iptables -L -v -n
```
- To check specific chains (like FORWARD for ??? forwarding):
```
sudo iptables -L FORWARD -v -n
```
Checking Open??? Forward Rules:
- Open??? typically requires traffic to be forwarded from its tun interface (e.g., tun0) to the main network. Check the forwarding rules by inspecting the FORWARD chain:
```
sudo iptables -L FORWARD -v -n | grep tun0
```
- You may also need to check NAT rules for proper IP masquerading:
```
sudo iptables -t nat -L POSTROUTING -v -n | grep tun0
```