Fedora-21 firewall advice?
poma
pomidorabelisima at gmail.com
Sat Jan 17 15:40:08 UTC 2015
On 17.01.2015 16:37, Timothy Murphy wrote:
> Ed Greshko wrote:
>
>>> Am I right in thinking that there are two entirely different
>>> versions of firewall in Fedora-21? I've been looking at
>>>
> <https://fedoraproject.org/wiki/FirewallD#Dynamic_firewall_with_FirewallD>
>>>
>>> and it seems I have to choose between systemd (dynamic) firewall
>>> and iptables (static) firewall?
>
>>> I'm surprised that I have never seen an article starting
>>> "In Fedora 21 you will have to choose between firewalld and iptables."
>>> Or have I completely misunderstood the situation?
>
>> In the link you provide above you do see...
>>
>> "The actual static firewall model with system-config-firewall and lokkit
>> will still be available and usable, but not at the same time as the daemon
>> is running. The user or admin can decide which firewall solution should be
>> used by enabling the corresponding services."
>
> I know, that is what led me to my conclusion.
> But it is in the middle of the article quoted above.
> I would expect this article, or some article on the topic, to START
> by saying "In Fedora-21, you will have to choose ...".
>
>> FWIW, even firewalld does use "iptables", just in a manner which allows
>> dynamic changes without having to unload/reload kernel modules.
>
> It isn't clear from the article (at least to me)
> if one actually has to enable iptables when running firewalld,
> or if this is done automatically?
>
> In my experience, the major problem with systemd is the documentation -
> I don't want to know how marvelous it is, I just want to be told
> (precisely) how to use it.
>
firewalld != systemd :)
More information about the users
mailing list