Setting the default firewall configuration (was Re: Attention, dependency fighters)
Miloslav Trmač
mitr at volny.cz
Thu Nov 15 18:02:35 UTC 2012
On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 15.11.2012 18:06, schrieb Adam Williamson:
>> Right. I hate to say it, but Harald is correct here: AFAIK, all those
>> and other firewall configuration mechanisms were ultimately just
>> UI/abstraction layers wrapped around iptables. They wrote iptables
>> rules. firewalld is very different.
(Side-reply to Adam:) I can't see the difference; /sbin/iptables still
works if you have firewalld running.
> i am one of the second groups and doing DISTRIBUTED iptables-configurations
> for whole infrastructures since many years and using here any capability
> of iptables which can be hardly covered with abstraction layers
It would be very helpful for judging the maturity/suitability of
firewalld if you could try converting your iptables script to
firewall-cmd --direct (which, at least I hope, should be possible to
do with a few sed commands), and report back whether the pass-through
capability is good enough.
Mirek
More information about the devel
mailing list