firewalld / iptables.service past F17

Reindl Harald h.reindl at thelounge.net
Mon Apr 23 15:56:23 UTC 2012


On 23.04.2012 17:32, Miloslav Trmač wrote:
> On Tue, Apr 17, 2012 at 10:40 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> http://fedoraproject.org/wiki/Features/firewalld-default
>>
>>> An explicit transition is planned after Fedora 18 with dropping support for the
>>> static firewall with system-config-firewall/lokkit. A migration from the static
>>> firewall model will be needed then.
>>
>> are only the UI interfaces meant, or does someone
>> consider dropping "iptables.service" at all? if so, please
>> re-consider this!
> 
> I was pushing for the deprecation to avoid a NetworkManager-like
> duplication for the long term.

I really, really like the idea of "firewalld" for many setups!
It is a really nice improvement for desktops over the long

But please consider that NetworkManager and the desktop are not
all there is; on servers with VPN gateways, routing and such
things you do not really like it.

Please do not start seeing Linux as a desktop-only OS. It is not
cool that it works for desktops and servers, and this should
be considered in big changes.

> AFAICS you can s/iptables/firewall-cmd --direct --passthrough ipv4/,
> and things should continue to work (perhaps with minor modifications
> to avoid collisions with firewalld's default rule chains).

I simply do not need or want any default chains;
the first thing in an iptables script is to reset them.

The iptables.sh for the environment where I work is currently
50 KB in size, distributed, and the same for all machines in
the network.

> Or, if you insist, disable firewalld (... which might break some
> applications), and turn your shell script into a systemd service; but
> --direct --passthrough should be the preferred route.

How would one replace such things?

cat /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_nat_sip ip_nat_ftp nf_conntrack_ftp nf_nat_ftp"
________________________________

cat /etc/sysconfig/iptables-config
IPTABLES_MODULES="nf_conntrack_ftp  nf_nat_ftp"

cat /etc/modprobe.d/local.conf
options nf_conntrack_ftp ports=21,4559
options ipt_recent ip_list_tot=5000 ip_pkt_list_tot=200
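As an added illustration (not from this thread or from Fedora's own tooling) of the "turn it into a systemd service" route for the IPTABLES_MODULES part of the question: the script below reads the IPTABLES_MODULES= line of an iptables-config file and writes a modules-load.d fragment, so the helper modules keep loading at boot without iptables.service. It assumes the systemd modules-load.d mechanism is present; the "options" lines in /etc/modprobe.d/*.conf are honoured by modprobe regardless and need no change. The sample input is constructed to mirror the file quoted above.

```shell
#!/bin/sh
# Added example: derive a systemd modules-load.d fragment from the
# IPTABLES_MODULES= setting of an iptables-config file (assumption:
# systemd-modules-load reads /etc/modules-load.d/*.conf at boot).

# iptables_modules FILE -> prints one module name per line taken from
# the IPTABLES_MODULES="..." assignment; IPTABLES_MODULES_UNLOAD is ignored.
iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES="\{0,1\}\([^"]*\)"\{0,1\}.*$/\1/p' "$1" \
        | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# write_modules_load SRC DEST -> writes DEST in modules-load.d format
# (comment lines start with '#', one kernel module per line).
write_modules_load() {
    {
        echo "# generated from $1; one kernel module per line"
        iptables_modules "$1"
    } > "$2"
}

# Constructed sample input mirroring the file quoted in the mail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Load additional iptables modules (nat helpers)
IPTABLES_MODULES="nf_conntrack_ftp  nf_nat_ftp"
IPTABLES_MODULES_UNLOAD="yes"
EOF

# In real use DEST would be /etc/modules-load.d/iptables.conf (assumption);
# here a temporary file is used so the script runs without privileges.
out=$(mktemp)
write_modules_load "$sample" "$out"
cat "$out"
```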

