FirewallD separates runtime and permanent configuration options, whereas the older firewall tooling, iptables with system-config-firewall/lokkit, was static: every change to a firewall required a system rebuild. With FirewallD, Linux administrators can make configuration changes without disrupting current connections. All firewall modifications must be made through the daemon so that the daemon and the firewall in the kernel stay in sync. The dynamic firewall provides an interface through which services or applications can add firewall rules directly. FirewallD also connects to the netfilter kernel code and supports both IPv4 and IPv6 firewall settings.
The dynamic firewall delivers information about the currently active firewall settings, as well as zones, over D-Bus, a message bus system that allows easy inter-process communication. The D-Bus interface lets the FirewallD daemon communicate with other processes and allows applications, daemons and administrators to enable or disable a FirewallD feature, such as opening a port, forwarding a port or packet, or performing more advanced tasks.
Services are the preferred method of FirewallD configuration and give an easy overview of firewall status. FirewallD uses its own set of services, configured with XML files in the directories /usr/lib/firewalld/services (for the system default services) and /etc/firewalld/services (for services that administrators create). A service in FirewallD is a list of local ports and destinations and a list of firewall helper modules. The helper modules are loaded automatically when a service is enabled. Predefined services let the user enable and disable access to a service.
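As an added example (not firewalld's own code), the Python below parses service definitions and reports the ports, destinations and helper modules each one declares, which is a quick way to audit what enabling a service actually opens. It goes slightly beyond the paragraph by applying firewalld's rule that a file in /etc/firewalld/services overrides the same-named default in /usr/lib/firewalld/services; the XML samples and the temporary stand-in directories are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed samples in the firewalld service XML format (not copied from a real host).
SYSTEM_FTP = ('<?xml version="1.0" encoding="utf-8"?><service>'
              '<port protocol="tcp" port="21"/><helper name="ftp"/></service>')
ADMIN_FTP = ('<?xml version="1.0" encoding="utf-8"?><service>'
             '<port protocol="tcp" port="2121"/><helper name="ftp"/></service>')
SYSTEM_MDNS = ('<?xml version="1.0" encoding="utf-8"?><service><port protocol="udp" port="5353"/>'
               '<destination ipv4="224.0.0.251" ipv6="ff02::fb"/></service>')


def parse_service(xml_data):
    """Return ports, destinations and helpers (<helper>, or <module> in older files)."""
    root = ET.fromstring(xml_data)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    return {
        "ports": [(p.get("port"), p.get("protocol")) for p in root.findall("port")],
        "destinations": [dict(d.attrib) for d in root.findall("destination")],
        "helpers": [h.get("name") for h in root.findall("helper") + root.findall("module")],
    }


def effective_services(system_dir, admin_dir):
    """Map service name -> (origin, definition); an admin file shadows the default."""
    result = {}
    for origin, directory in (("system", system_dir), ("admin", admin_dir)):
        for path in sorted(Path(directory).glob("*.xml")):
            result[path.stem] = (origin, parse_service(path.read_bytes()))
    return result


def demo():
    """Resolve the constructed samples from two temporary stand-in directories."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir, admin_dir = Path(tmp, "usr-lib"), Path(tmp, "etc")
        system_dir.mkdir()
        admin_dir.mkdir()
        (system_dir / "ftp.xml").write_text(SYSTEM_FTP, encoding="utf-8")
        (system_dir / "mdns.xml").write_text(SYSTEM_MDNS, encoding="utf-8")
        (admin_dir / "ftp.xml").write_text(ADMIN_FTP, encoding="utf-8")
        return effective_services(system_dir, admin_dir)


if __name__ == "__main__":
    for name, (origin, svc) in demo().items():
        print(name, origin, svc["ports"], svc["helpers"], svc["destinations"])
```

On a real host, pointing effective_services() at the two service directories shows where an administrator-created file has replaced a shipped default and which ports that changes.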
Other FirewallD features include ICMP (Internet Control Message Protocol) types, a direct interface, runtime configuration, permanent configuration, ebtables support and system configuration settings in /etc/firewalld.