Setting the default firewall configuration (was Re: Attention, dependency fighters)
Adam Williamson
awilliam at redhat.com
Thu Nov 15 18:58:29 UTC 2012
On Thu, 2012-11-15 at 19:46 +0100, Reindl Harald wrote:
>
> Am 15.11.2012 19:37, schrieb Kevin Fenzi:
> >>> Have you actually _tried_? It's supposed to be as easy as
> >>> s/iptables/firewall-cmd --direct --passthrough ipv4/
> >>>
> >>> I don't know for a fact whether it is good enough. You seem to
> >>> have a script that could tell us.
> >>
> >> i posted a script realier this day as .txt file with
> >> masked network details, but it did not go trough list
> >> moderation AFAIK until now
> >
> > Everyone on this list doesn't need a copy of your (lengthy) iptables
> > script, IMHO.
> >
> > Perhaps the two of you could continue this off line and test and report
> > back to the list?
>
> your argumentation is NOT helpful
>
> i can NOT test a iptables.sh replace for a whole INFRASTRUCTURE
> i can NOT post a unmasked version with ip-addresses and hostnames
> i can NOT simulate a whole network with around 100 machines
I don't think anyone asked you to do any of those things. Fedora
obviously does not have the power to replace iptables with firewalld on
your router, so the question is not 'can you replace iptables with
firewalld on everything in your network and see if it works'. The
question is more 'can you see if firewalld does a good job of imitating
iptables on a single Fedora machine on your network, or a small amount
of them'. The whole point is it should be able to imitate an
iptables-type setup fairly transparently, so it should 'play nice' with
the rest of your setup. Can't you just test that?
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net
More information about the devel
mailing list