What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld.service"?
Solution 1:
- systemctl restart firewalld will kill the process and start a new one.
- firewall-cmd --reload will: "The reload command drops all runtime configurations and applies a permanent configuration." (source)

Every configuration without the --permanent flag is a runtime configuration and: "Runtime configuration changes are not retained on reboot or upon restarting FirewallD whereas permanent changes are not applied to a running system."
As pointed out by @mircea-vutcovici, reloading the firewall rules with firewall-cmd will not cause the system to use a potential new firewalld executable if it has been updated since the last restart of the daemon. However, depending on your distribution, that might have been done by the package manager when the package has been updated. The documentation states:

"To reload firewalld you can either use the command line tool firewall-cmd --reload or you can send the SIGHUP signal to firewalld, for example with killall -HUP firewalld."

The killall -HUP firewalld step is executed when running systemctl reload firewalld. Looking at the basic design of firewalld, it is essentially a frontend to iptables or similar backends. So killing the firewalld process should not affect the actual firewall rules. So both ways of reloading the firewalld rules have the same effect. I would personally prefer the systemd way for the sake of making sure that the most recent firewalld executable is used.