BCE-C712 Linux System Administration


TCP/IP Firewall and IP Masquerade

iptables and firewalld



Imagine iptables as a powerful toolbox. In this toolbox, you have tools to control how data moves in and out of your computer. You can decide which types of data are allowed and which are not.

Example 1 – Imagine a Bouncer:

  • You’re hosting a party, and there’s a bouncer at the door. The bouncer decides who can come in based on a set of rules. In iptables, you’re the bouncer, and you set rules to decide which data (or guests) can come into your computer.
  • If you want to allow guests from a specific address (let’s say your friend’s house), you tell the bouncer to let them in:
    iptables -A INPUT -s friend_ip_address -j ACCEPT
  • If someone is causing trouble, you tell the bouncer to keep them out:
    iptables -A INPUT -s troublemaker_ip_address -j DROP
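
The bouncer reads the list from top to bottom and acts on the first rule that matches, so the order in which rules are appended with -A matters. The following is an added example, not part of the original lesson: a small shell model of that first-match walk. The `verdict` helper and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample ruleset in the lesson's command style, listed in the
# order the rules were appended. Addresses are documentation placeholders.
RULES='-A INPUT -s 198.51.100.10 -j ACCEPT
-A INPUT -s 203.0.113.7 -j DROP
-A INPUT -j ACCEPT
-A INPUT -s 203.0.113.99 -j DROP'

# verdict SRC_IP [POLICY] [RULES]  (hypothetical helper, not an iptables command)
# Models how the INPUT chain is walked: rules are checked top to bottom and
# the first matching ACCEPT/DROP decides; if nothing matches, the chain
# policy applies. Simplification: -s is compared as an exact address
# (no CIDR) and only well-formed -s / -j options are understood.
verdict() {
    src=$1
    policy=${2:-ACCEPT}
    rules=${3:-$RULES}
    result=$(printf '%s\n' "$rules" | while read -r line; do
        rule_src="" target=""
        set -- $line                      # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -s) rule_src=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        [ -n "$target" ] || continue      # skip lines without a target
        # A rule with no -s matches every source address.
        if [ -z "$rule_src" ] || [ "$rule_src" = "$src" ]; then
            echo "$target"
            break                         # first match wins
        fi
    done)
    echo "${result:-$policy}"
}

verdict 203.0.113.7     # blocked by rule 2, before the catch-all ACCEPT
verdict 203.0.113.99    # rule 4 is never reached: rule 3 already accepted it
```

On a live system, a block rule that must take effect ahead of a broad ACCEPT is inserted at the top of the chain with iptables -I INPUT rather than appended with -A.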


Imagine firewalld as a Smart Guard. This guard doesn’t just stop people from entering; it also understands different areas where people can go.

Example 2 – Zones and Services:

  • Your computer has different areas like ‘Home’ and ‘Work’. In firewalld, these are called zones. You set rules for each zone.
  • You also have certain services you want to allow. For example, you want to allow web traffic (HTTP). In firewalld, this is called a service.
  • You put rules in place like this:
    • Allow web traffic (HTTP) in the ‘Home’ zone:
      firewall-cmd --zone=home --add-service=http
    • Allow file sharing in the ‘Work’ zone:
      firewall-cmd --zone=work --add-service=samba

Choosing Between iptables and firewalld:

  • If you’re just starting out or want a simpler approach, firewalld might be a better choice. It’s like having a smart guard who understands zones and services.
  • If you want more control and are comfortable with detailed rules, iptables might be a better fit. It’s like being a bouncer with a detailed list of who’s allowed in.

Remember, both tools do the same job, but they do it in different ways. It’s like choosing between a smart guard and a bouncer based on what works best for you.

So, depending on your needs and preferences, you can pick the tool that makes more sense for you. Keep in mind that learning both can be beneficial, as you might encounter different systems that use either iptables or firewalld.