zlacker

[parent] [thread] 6 comments
1. sph+(OP)[view] [source] 2025-12-18 06:40:21
The problem with firewalld is that it has the worst UX of any program I know. Completely unintuitive options, the program itself doesn’t provide any useful help or hint if you get anything wrong and the documentation is so awful you have to consult the Red Hat manuals that have thankfully been written for those companies that pay thousands per month in support.

It’s not like iptables was any better, but it was more intuitive as it spoke about IPs and ports, not high-level arbitrary constructs such as zones and services defined in some XML file. And since firewalld uses iptables/nftables underneath, I wonder why do I need a worse leaky abstraction on top of what I already know.

I truly hate firewalld.

replies(2): >>bingo-+65 >>ps+6l
2. bingo-+65[view] [source] 2025-12-18 07:33:43
>>sph+(OP)
Coming from FreeBSD and pf, all Linux firewalls I’ve tried feels clunky _at best_ UX-wise.

I’d love a Linux firewall configured with a sane config file and I think BSD really nailed it. It’s easy to configure and still human readable, even for more advanced firewall gateway setups with many interfaces/zones.

A have no doubt that Linux can do all the same stuff feature-wise, but oh god the UX :/

replies(3): >>ptman+wa >>Hendri+nb >>adrian+CO
◧◩
3. ptman+wa[view] [source] [discussion] 2025-12-18 08:32:37
>>bingo-+65
nftables is configured like that https://wiki.nftables.org/wiki-nftables/index.php/Simple_rul...
◧◩
4. Hendri+nb[view] [source] [discussion] 2025-12-18 08:41:23
>>bingo-+65
Have you tried nftables? It is so much nicer than iptables.
replies(1): >>bingo-+6S1
5. ps+6l[view] [source] 2025-12-18 10:14:01
>>sph+(OP)
Hate it as well. Why should I bother learning about zones and abstract away ports, adresses, interfaces etc. only to find out pretty soon that my baremetal server actually always needs fine grained rules at least from the firewalld's point of view.
◧◩
6. adrian+CO[view] [source] [discussion] 2025-12-18 13:57:24
>>bingo-+65
I completely agree.

I have been using for many decades both Linux and FreeBSD, on many kinds of computers.

When comparing Linux with FreeBSD, I probably do not find anything more annoying on Linux than its networking configuration tools.

While I am using Linux on my laptops and desktops and on some servers with computational purposes, on the servers that host networking services I much prefer FreeBSD, for the ease of administration.

◧◩◪
7. bingo-+6S1[view] [source] [discussion] 2025-12-18 18:44:27
>>Hendri+nb
Yeah, I'm already using nftables and I agree that it's better than eg. iptables (or the numerous frontends for iptables) and probably the best bet we have at this point - but honestly, it's still far from the UX I get from pf - unfortunately :/
[go to top]