You should check out managing your firewall rules with ansible or similar, that way you won't need to worry about configuration loss on reboot (because all your configs are in yaml anyway :) )
Yes and no. Things should be made as simple as possible, but no simpler. At times UFW will meet your needs but there are times when it doesn’t and having more options is useful.
This was a great walk through. Helped me a lot. Thanks mate.
Glad to hear it!
firewall-cmd --reload is a better option than restarting the service - especially in a production environment
That's a good point, I will definitely mention that when we get to that section in class. Thank you.
You should check out managing your firewall rules with ansible or similar, that way you won't need to worry about configuration loss on reboot (because all your configs are in yaml anyway :) )
That's something worth pursuing depending on your organization. For this lab I was focused on the basics of a firewall configuration.
this seems almost 'disgustingly difficult and non-intuitive' compared to UFW.... :(
Yes and no. Things should be made as simple as possible, but no simpler. At times UFW will meet your needs but there are times when it doesn’t and having more options is useful.