Please refer to the following link:

The iptables command is used to add or delete rules and chains and can be used without the service file. What iptables.service does is to automatically load a saved ruleset on boot and to unload the rules at shutdown. There are a few safety checks in the scripts, like setting default chain policies to ACCEPT on shutdown, to prevent the system from having unusable rulesets. If you want to manually load rules every time you boot the system you can; the service just makes it easier.

firewalld presents a simpler interface to defining rules than iptables, but that is really the major difference. And underneath the covers, firewalld uses iptables to implement the rules. Personally, I prefer using iptables, but I have gotten used to the configuration over the years. The choice of iptables or firewalld is really up to what you're comfortable with.
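The boot/shutdown behaviour described above, as an added example that is not part of the quoted post or of the iptables project: it parses a ruleset in iptables-save format (a constructed sample, assumed below), derives the "safe unload" state the service applies at shutdown (every built-in chain policy ACCEPT, rules flushed), and flags saved chains that would silently discard all traffic if loaded at boot.

```python
# Parse an iptables-save ruleset and derive the "safe unload" state that
# iptables.service applies at shutdown (added example, not from the post).
import re

# Constructed sample in iptables-save format (not captured from a real host).
SAVED_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
"""
CHAIN_RE = re.compile(r"^:(\S+) (ACCEPT|DROP|-) ")  # "-" = user-defined chain

def parse_ruleset(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule line]}}."""
    tables, current = {}, None
    for line in text.splitlines():
        if line.startswith("*"):  # table header, e.g. *filter
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif line.startswith(":") and current is not None:  # chain + policy
            chain, policy = CHAIN_RE.match(line).groups()
            current["policies"][chain] = policy
        elif line.startswith("-A") and current is not None:  # appended rule
            current["rules"].append(line)
    return tables

def safe_unload_ruleset(tables):
    """iptables-restore input equivalent to the service's stop step: every
    built-in chain policy ACCEPT and no rules (user chains vanish on flush)."""
    out = []
    for table, data in tables.items():
        out.append(f"*{table}")
        out += [f":{c} ACCEPT [0:0]" for c, p in data["policies"].items() if p != "-"]
        out.append("COMMIT")
    return "\n".join(out) + "\n"

def silent_drop_chains(tables):
    """Built-in filter chains with a DROP policy that no rule references:
    loading such a saved ruleset at boot black-holes that traffic entirely."""
    f = tables.get("filter", {"policies": {}, "rules": []})
    referenced = {r.split()[1] for r in f["rules"]}
    return sorted(c for c, p in f["policies"].items()
                  if p == "DROP" and c not in referenced)
```

On the sample, `silent_drop_chains` reports FORWARD (dropped by policy, no rules), which is harmless on a non-routing host but worth reviewing before the ruleset is saved for boot.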