With this release, the nftables filtering subsystem becomes the default firewall backend for the firewalld daemon.
For more information, see link:https://firewalld.org/2018/07/nftables-backend[] and link:https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables[].
Metadata Update from @mjahoda: - Issue assigned to mjahoda
See #487
@erig0 I have put together the description text in the RHEL 8.0 Rel. notes and the information from your comment and wiki:
`firewalld` now uses `nftables` as its default backend

With this release, the `nftables` filtering subsystem becomes the default firewall backend for the `firewalld` daemon. To change the backend, use the `FirewallBackend` option in the `/etc/firewalld/firewalld.conf` file.

This change introduces the following differences in behavior when using `nftables`:

* `iptables` rule executions always occur _before_ `firewalld` rules
** DROP in `iptables` means a packet is never seen by `firewalld`
** ACCEPT in `iptables` means a packet is still subject to `firewalld` rules
* direct-rule execution occurs _before_ `firewalld` generic acceptance of established connections

For more information, see link:https://firewalld.org/2018/07/nftables-backend[] and link:https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables[].
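An added example, not part of the ticket or of firewalld itself: a small audit helper that applies the DROP/ACCEPT semantics described above to `iptables-save` output on a host where `firewalld` uses the `nftables` backend. The function names and both sample inputs are constructed for illustration, and a missing `FirewallBackend` line is assumed to mean `nftables`, per the release note.

```python
import re

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = """\
# firewalld config file
DefaultZone=public
FirewallBackend=nftables
"""

SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -j LOG
COMMIT
"""

def firewalld_backend(conf_text, default="nftables"):
    """Return the FirewallBackend value; assumed to be nftables when unset."""
    backend = default
    for line in conf_text.splitlines():
        m = re.match(r"\s*FirewallBackend\s*=\s*(\S+)", line)
        if m:  # commented-out lines start with '#' and do not match
            backend = m.group(1).lower()
    return backend

def audit(conf_text, save_text):
    """List iptables rules whose effect matters next to nftables-backed firewalld."""
    if firewalld_backend(conf_text) != "nftables":
        return []  # the differences described above only apply to nftables
    findings = []
    for line in save_text.splitlines():
        m = re.match(r"-A\s+(\S+)\s.*-j\s+(ACCEPT|DROP)\b", line)
        if not m:
            continue  # table headers, chain policies, other targets
        chain, verdict = m.groups()
        note = ("firewalld never sees these packets" if verdict == "DROP"
                else "packets are still subject to firewalld rules")
        findings.append((chain, verdict, note, line.strip()))
    return findings

if __name__ == "__main__":
    for chain, verdict, note, rule in audit(SAMPLE_CONF, SAMPLE_IPTABLES_SAVE):
        print(f"[{chain}] {verdict}: {note}\n    {rule}")
```

On a real host, the inputs would be the contents of `/etc/firewalld/firewalld.conf` and the output of `iptables-save`.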
#487 has been merged - thanks!
Metadata Update from @pbokoc: - Issue status updated to: Closed (was: Open)