On 04/21/2017 01:42 PM, Jason DeTiberus wrote:
> While I can see firewalld improving the situation wrt documenting how to add/persist
> firewall changes for Atomic Host (especially when using moby/docker), I think there is a
> bigger concern with firewalld being absent. If a user is running multiple applications
> that modify the host firewall (docker, Kubernetes, OpenShift, etc), firewalld provides a
> way to make firewall modifications in a consistent and repeatable manner, where iptables
> does not. There is the --wait flag for iptables; however, any applications/users that are
> interacting with iptables will need to ensure they use it consistently.

So you are saying firewalld makes your life easier if it was available?
Thanks for the input.
Dusty