On 12/16/23 11:46, Richard wrote:
Well... that was sloppy wording on my part.
ObThreadDrift: the kernel packet filtering framework is netfilter. The "canonical" UI tools are iptables in 2.4 series kernels and nftables in 3.x series. Red Hat's firewalld and Ubuntu's ufw both try to provide "more user-friendlier" front-ends to xxtables.
AFAIK ufw only tries to provide the simple-stupid rule syntax.
Firewalld, OTOH, hooks into D-Bus, potentially allowing applications to manipulate firewall rules automagically. I.e. a daemon could signal that it bind()/listen()'s and firewalld will pick that from D-Bus and respond by adding a corresponding accept rule to netfilter. That is basically how Windows Firewall does it.
Brought to you by No Nits Left Unpicked(tm)
Dima