firewalld now uses nftables as its default backend
With this release, the
nftables filtering subsystem becomes the default firewall backend for the
To change the backend, use the
FirewallBackend option in the
This change introduces the following differences in behavior when using
iptablesrule executions always occur before
iptablesmeans a packet is never seen by
iptablesmeans a packet is still subject to
Direct-rule execution occurs before
firewalldgeneric acceptance of established connections.
For more information, see https://firewalld.org/2018/07/nftables-backend and https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables.
Want to help? Learn how to contribute to Fedora Docs ›