firewalld is a dynamic firewall manager that uses zones and allows changes without restarting the firewall, ideal for desktops and servers.

sudo apt install firewalld
sudo systemctl enable --now firewalld
    

Configuration: Manage services and ports per zone; permanent and runtime configurations are separate.

sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-port=443/tcp --permanent
sudo firewall-cmd --reload