Fedora-21 firewall advice?
Timothy Murphy
gayleard at eircom.net
Sat Jan 17 15:37:14 UTC 2015
Ed Greshko wrote:
>> Am I right in thinking that there are two entirely different
>> versions of firewall in Fedora-21? I've been looking at
>>
<https://fedoraproject.org/wiki/FirewallD#Dynamic_firewall_with_FirewallD>
>>
>> and it seems I have to choose between systemd (dynamic) firewall
>> and iptables (static) firewall?
>> I'm surprised that I have never seen an article starting
>> "In Fedora 21 you will have to choose between firewalld and iptables."
>> Or have I completely misunderstood the situation?
> In the link you provide above you do see...
>
> "The actual static firewall model with system-config-firewall and lokkit
> will still be available and usable, but not at the same time as the daemon
> is running. The user or admin can decide which firewall solution should be
> used by enabling the corresponding services."
I know, that is what led me to my conclusion.
But it is in the middle of the article quoted above.
I would expect this article, or some article on the topic, to START
by saying "In Fedora-21, you will have to choose ...".
> FWIW, even firewalld does use "iptables", just in a manner which allows
> dynamic changes without having to unload/reload kernel modules.
It isn't clear from the article (at least to me)
if one actually has to enable iptables when running firewalld,
or if this is done automatically?
In my experience, the major problem with systemd is the documentation -
I don't want to know how marvelous it is, I just want to be told
(precisely) how to use it.
--
Timothy Murphy
gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin
More information about the users
mailing list