Setting the default firewall configuration (was Re: Attention, dependency fighters)

Reindl Harald h.reindl at thelounge.net
Thu Nov 15 17:16:28 UTC 2012


On 15.11.2012 18:06, Adam Williamson wrote:
> On Thu, 2012-11-15 at 14:48 +0100, Reindl Harald wrote:
>>
>> On 15.11.2012 13:33, Michael Scherer wrote:
>>> Not really. For example, Ubuntu uses ufw, Mandriva used shorewall. Debian
>>> offered several frontends, but IIRC, didn't use one by default
>>
>> and they are ALL using iptables/netfilter
>>
>> so if you write an iptables.sh you get it run on ANY distribution
>> and that was the point
> 
> Right. I hate to say it, but Harald is correct here: AFAIK, all those
> and other firewall configuration mechanisms were ultimately just
> UI/abstraction layers wrapped around iptables. They wrote iptables
> rules. firewalld is very different.

and that is why i hardly hope "iptables.service" will be available
parallel to "firewalld" because both satisfy different needs

* firewalld: desktops, standard-setups
* iptables: users maintaining since forever their rules per shellscripts

i am one of the second group and doing DISTRIBUTED iptables-configurations
for whole infrastructures since many years and using here any capability
of iptables which can be hardly covered with abstraction layers

firewalld is helpful for most average users and a fine idea
iptables.service is for the people needing 100% control of each
netfilter-rule and it would be a great fault to try include any
capability in firewalld because it would be too complex to use
and finally not satisfy both user groups

if it supports any combination you can do with a script containing
some hundred iptables-commands it would become overloaded for the
average user while most likely my usage could still only be covered
partly

the only things i need are:

* /usr/sbin/iptables
* /sbin/iptables-save > /etc/sysconfig/iptables
* a service loading "/etc/sysconfig/iptables" at startup
* not collide with firewalld or forced to use it

if this is possible and firewalld is the default i am
happy, my workload stays fine and firewalld satisfies
other user-types - a perfect combination and a real
improvement at all

