Firewalld 1.0 Firewall Management Tool is Here with Big Improvements

Ten years after its first release, Firewalld reached version 1.0. The biggest change is removing Python 2 support.

Firewalld is front-end controller for iptables and nftables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions. The name Firewalld adheres to the Unix convention of naming system daemons by appending the leter “d”.

Firewalld is easier to manage and configure than iptables. It offer a very flexible way to handle the firewall management compared to iptables. There are no long series of chains, jumps, accepts and denies that you need to memorize to get Firewalld up and running.

It manages rulesets dynamically, allowing updates without breaking existing sessions and connections. Changes can be done immediately in the runtime environment. No restart of the service or daemon is needed.

The firewalld service uses zones to control the firewall access. Zones are preconstructed rule sets for various trust levels. You likely have a zone for a given location or scenario, such as home, public, or trusted. Different zones enable different network services and incoming traffic types while denying everything else.

Firewalld 1.0 is a major version bump. It includes breaking and behavioral changes.

What’s new in Firewalld 1.0

Above all, the most notable changes in this release is dropping of Python 2 support and support for intra-zone forwarding by default. It is important to note that from now on the default target is similar to reject.

Firewalld 1.0 is also a feature release. It includes all bug fixes since v0.9.0.

Highlights include:

  • Reduced dependencies
  • Intra-zone forwarding by default
  • NAT rules moved to inet family
  • Default target is now similar to reject
  • ICMP blocks and block inversion only apply to input, not forward
  • tftp-client service has been removed
  • iptables backend is deprecated
  • Direct interface is deprecated
  • CleanupModulesOnExit defaults to no

For more information about all changes in Firewalld 1.0, you can refer to the official announcement.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Think You're an Ubuntu Expert? Let's Find Out!

Put your knowledge to the test in our lightning-fast Ubuntu quiz!
Ten questions to challenge yourself to see if you're a Linux legend or just a penguin in the making.

1 / 10

Ubuntu is an ancient African word that means:

2 / 10

Who is the Ubuntu's founder?

3 / 10

What year was the first official Ubuntu release?

4 / 10

What does the Ubuntu logo symbolize?

5 / 10

What package format does Ubuntu use for installing software?

6 / 10

When are Ubuntu's LTS versions released?

7 / 10

What is Unity?

8 / 10

What are Ubuntu versions named after?

9 / 10

What's Ubuntu Core?

10 / 10

Which Ubuntu version is Snap introduced?

The average score is 68%