Firewall settings unworkable
Thomas Woerner
twoerner at redhat.com
Thu Oct 7 09:19:20 UTC 2010
On 10/07/2010 02:20 AM, Genes MailLists wrote:
> On 10/06/2010 11:26 AM, Thomas Woerner wrote:
>
>> 6) Compatibility Mode
>>
>> The current static firewall model will still be available for
>> compatibility for users or administrators creating their own firewall.
>> This deactivates the firewall service and also the D-BUS daemon.
>>
>> -------
>>
>> Comments and additional information are highly welcome.
>>
>
> I hope by 'compatibility mode' you mean it is 'completely off' and
> there is no possibility of it touching the rules because it's not running
> in any form.
>
> It's vital for those of us who have hand coded firewall rules that this
> is totally turned off and it is impossible for it to touch the rules.
>
> In my case, I have about 40,000 rules and I def don't want anything
> else mucking with them!
>
> Thanks - it's an interesting idea and the default firewall could use
> some spiffing up for many use cases.
>
>
Yes, the compatibility mode means that the dynamic daemon is disabled
and the current system-config-firewall, ip*tables and ebtables services
will still be available to be able to have an own and/or static firewall
setup.
The only question here is what the default should be in the future. I
think for desktop installations it should be the daemon and for servers
the static model. Firstboot, installation time or first network usage is
a good place to define this in my opinion.
Ciao,
Thomas