What's the difference between firewall-cmd --reload and systemctl restart firewalld?
1 Answer
systemctl restart firewalld will kill the process and start a new one. firewall-cmd --reload will
"The reload command drops all runtime configurations and applies a permanent configuration." (source)
Every configuration without the --permanent flag is a runtime configuration and
"Runtime configuration changes are not retained on reboot or upon restarting FirewallD whereas permanent changes are not applied to a running system."
As pointed out by @mircea-vutcovici, reloading the firewall rules with firewall-cmd will not cause the system to use a potential new firewalld executable if it has been updated since the last restart of the daemon. However, depending on your distribution, that might have been done by the package manager when the package has been updated. The documentation states:
"To reload firewalld you can either use the command line tool firewall-cmd --reload or you can send the SIGHUP signal to firewalld for example with killall -HUP firewalld."
The killall -HUP firewalld step is executed when running systemctl reload firewalld. Looking at the basic design of firewalld it is essentially a frontend to iptables or similar backends. So killing the firewalld process should not affect the actual firewall rules. So both ways of reloading the firewalld rules have the same effect. I would personally prefer the systemd way for the sake of making sure that the most recent firewalld executable is used.

- Thank you very much so!!! Then those two have the same effect on firewalld? i.e. I can use either of two always?? – Neo Aug 26 '20 at 03:35
- Reload should be a bit faster. If firewalld was upgraded, but not restarted, it will use the old binary even if you reload it. So, sometimes it is better to reload, other times it is required to restart. – Mircea Vutcovici Mar 11 '21 at 06:50
- @peter-turner does that explain things? – Henrik Pingel Mar 11 '21 at 09:43
- Take into account that all states are lost when you restart the process. In order to avoid potential connection losses, a reload should generally be preferred (that depends on your firewall configuration, of course): https://en.wikipedia.org/wiki/Stateful_firewall – MaxC Mar 13 '21 at 15:33
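Added example (not part of the original answer or comments): because a reload drops runtime configuration, this sh function lists the services and ports that exist only in a zone's runtime configuration, i.e. what firewall-cmd --reload would remove. The function name runtime_only and both sample outputs are constructed for illustration; rich rules and other multi-line entries are not compared.

```shell
#!/bin/sh
# runtime_only RUNTIME_TEXT PERMANENT_TEXT
# Arguments are the outputs of `firewall-cmd --list-all` and
# `firewall-cmd --permanent --list-all` for the same zone.
# Prints one "key: entry" line per entry found only in the runtime text.
runtime_only() {
    # Feed the permanent text first so awk can record it, then the runtime text.
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        /^---$/ { runtime = 1; next }
        # Compare single-line list keys only; forward-ports and rich rules are skipped.
        /^[ \t]*(services|ports|protocols|source-ports):/ {
            key = $1; sub(/:$/, "", key)
            for (i = 2; i <= NF; i++) {
                if (!runtime) perm[key, $i] = 1
                else if (!((key, $i) in perm)) print key ": " $i
            }
        }'
}

# Constructed sample: http and 8443/tcp were added without --permanent.
RUNTIME_SAMPLE='public (active)
  target: default
  services: dhcpv6-client ssh http
  ports: 8443/tcp
  forward-ports: 
  rich rules: '

# Constructed sample: the permanent configuration of the same zone.
PERMANENT_SAMPLE='public
  target: default
  services: dhcpv6-client ssh
  ports: 
  forward-ports: 
  rich rules: '

# On a live host the call would be:
#   runtime_only "$(firewall-cmd --list-all)" "$(firewall-cmd --permanent --list-all)"
runtime_only "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

If the list is not empty, either repeat those changes with --permanent or run firewall-cmd --runtime-to-permanent before reloading.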