I’ve already done it and it seems to be working just fine, but a resource I found online gave some odd advice. I chose not to follow it, but I want to ask the question here as a “gut check” in case I misunderstood.

Basically, I was running iptables via gufw on my EOS machine and firewalld on my Arch machine. I’ve decided to run with firewalld on both machines. Before removing gufw and replacing it with firewalld, I thought it prudent to do a little research first. One reference I found said I should stop and then MASK iptables.

Why not just disable iptables so it doesn’t restart on boot? If I mask it, then later decide I want it again, I’ll probably forget that I sent it to /dev/null and wind up having to troubleshoot. My understanding is that firewalld does not use iptables. Am I missing something?

Needless to say, I just stopped/disabled it, then uninstalled gufw and ufw. Seems to be working just fine.
firewalld is a front-end for nftables and iptables.
You are probably using nftables with firewalld. In this case, I would recommend replacing iptables with iptables-nft. That way, anything that depends on iptables will still work but it will be backed by nftables.
Are you talking about the iptables.service? That doesn’t actually enable or disable the functionality. It just loads the rules from /etc/iptables/iptables.rules. That should be disabled by default. I don’t think that needs to be enabled unless you want to manually manage iptables rules. I believe it can be disabled even when using ufw.
Ok, I was under the impression that firewalld just worked with nftables.
By default, I believe it does use nftables. Since nftables is a dependency of the firewalld package, it almost definitely is using nftables.
That being said, there may be other packages which depend on iptables, which is why installing iptables-nft is a good option.
I’ll definitely look into that, thanks
Either way, if your question was “can I disable iptables.service”, you definitely should be able to.
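As an added example (this is not code from the thread, from firewalld, or from any Arch package), here is a small POSIX shell script that checks the two things the replies above hinge on: whether the `iptables` binary on the box is the legacy build or the nft-backed `iptables-nft` build (iptables 1.8+ prints `(nf_tables)` or `(legacy)` in `iptables -V`), and which backend firewalld is configured to use (`FirewallBackend=` in `/etc/firewalld/firewalld.conf`, which defaults to `nftables` when the key is absent). It also prints, without running them unless `RUN_MIGRATION=1` is set, the migration steps discussed in the thread: disable `iptables.service` rather than mask it, remove gufw/ufw, swap `iptables` for `iptables-nft`, enable firewalld. The package names and paths are assumptions about an Arch-based system.

```sh
#!/bin/sh
# Added example, not part of the original thread. Assumes an Arch-based system
# (pacman, /etc/firewalld/firewalld.conf, iptables.service / firewalld.service).

# Classify an `iptables -V` string: "nft" for the iptables-nft build,
# "legacy" for the legacy build, "unknown" for anything else (e.g. empty).
iptables_backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Read FirewallBackend= from a firewalld.conf. If the key is missing (or the
# file is absent) firewalld's own default, nftables, is reported.
firewalld_backend_from_conf() {
    conf="${1:-/etc/firewalld/firewalld.conf}"
    val=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*//p' "$conf" 2>/dev/null | tail -n1)
    echo "${val:-nftables}"
}

# Print the live state of this machine.
report() {
    if command -v iptables >/dev/null 2>&1; then
        echo "iptables binary backend: $(iptables_backend_from_version "$(iptables -V 2>/dev/null)")"
    else
        echo "iptables binary: not installed"
    fi
    echo "firewalld FirewallBackend: $(firewalld_backend_from_conf)"
    if command -v systemctl >/dev/null 2>&1; then
        echo "iptables.service: $(systemctl is-enabled iptables.service 2>/dev/null || echo not-present)"
        echo "firewalld.service: $(systemctl is-enabled firewalld.service 2>/dev/null || echo not-present)"
    fi
}

# The migration steps from the thread. Dry-run by default; set RUN_MIGRATION=1
# to execute them (pacman will ask to replace iptables with iptables-nft).
migrate() {
    for cmd in \
        "systemctl disable --now iptables.service" \
        "pacman -Rns gufw ufw" \
        "pacman -S iptables-nft" \
        "systemctl enable --now firewalld.service"
    do
        if [ "${RUN_MIGRATION:-0}" = 1 ]; then
            echo "+ $cmd"; sh -c "$cmd"
        else
            echo "would run: $cmd"
        fi
    done
}

case "${1:-report}" in
    report)  report ;;
    migrate) migrate ;;
esac
```

Run it with no arguments to see which backends are actually in play before touching anything; `sh script.sh migrate` lists the steps, and `RUN_MIGRATION=1 sh script.sh migrate` (as root) performs them. After the swap, `iptables -V` should report `(nf_tables)` and `nft list ruleset` should show firewalld's own `inet firewalld` table alongside any rules that legacy-style tools still add through the iptables command.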