I guess this was just done out of habbit.
And if you look a bit deeper you will also find a few of those commands already in use from the original script as it seems.
Debian
root@grom-deb:/usr/local/share/grommunio-setup# grep -iR firewall-cmd
common/ssl_setup: firewall-cmd --add-port=80/tcp --zone=public --permanent
common/ssl_setup: firewall-cmd --add-service=https --zone=public --permanent
common/ssl_setup: firewall-cmd --reload
OpenSuse-OVA
grommunio-test:/usr/share/grommunio-setup # grep -iR firewall
common/ssl_setup: firewall-cmd --add-port=80/tcp --zone=public --permanent
common/ssl_setup: firewall-cmd --add-service=https --zone=public --permanent
common/ssl_setup: firewall-cmd --reload
setup.sh:writelog "Config stage: open required firewall ports"
setup.sh: firewall-cmd --add-service=https --zone=public --permanent
setup.sh: firewall-cmd --add-port=25/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=80/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=110/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=143/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=587/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=993/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=8080/tcp --zone=public --permanent
setup.sh: firewall-cmd --add-port=8443/tcp --zone=public --permanent
setup.sh: firewall-cmd --reload
I don't really know what cockpit is and after a quick search this seems to be some new (maybe not so insecure) webmin?
To provide the same capabilities in terms of management the use of firewalld maybe is the best choice.
- It's pretty easy to handle(you will not be so likely to lock down your network by accident).
- The OpenSuse-Release already is shipped with it which then also means than any problems or enhancements could be handled without thinking in two different worlds (*clearsthroat*
zypper in -y zypper-aptitude
).
And on my thought that iptables has to be switched with nftables-commands anyways, i took a peek in the Debian-Wiki and it seems like it isn't discouraged to make use firewalld anyways.
cheers!