On Thu, Apr 17, 2014 at 3:40 PM, Thomas Woerner <twoerner(a)redhat.com> wrote:
On 02/19/2014 06:57 PM, Lennart Poettering wrote:
> On Wed, 19.02.14 12:40, Bastien Nocera (bnocera(a)redhat.com) wrote:
>> ----- Original Message -----
>>> I ended up calling the firewalld maintainer to understand the state of
>>> and there is this concept in firewalld called zones that we should be
>>> able to use to create a better user experience, yet at the same time keep the
>>> working when people connect with their laptop at an internet cafe for
>> Right. But firewalld can't be a Fedora-only solution, otherwise no
>> application developer will want to integrate with it.
>> We'd also need designs based around that, and see if firewalld is indeed
>> the right technical solution.
>> Right now, we don't even know whether a firewall is required, or it's
>> just a work-around for applications that aren't integrated.
> I fully agree with Bastien here. I don't think a firewall brings any
> benefit on the desktop, and particularly not in the implementation of
> firewalld. There are better ways to make sure the local system is not
> vulnerable, and in its current state firewalld just creates problems and
> slows down the boot immensely (it's the number 1 slowest component on
> Fedora, right now.)
I will not reply to your personal opinion. But "firewalld is the number 1
slowest component on Fedora, right now."?
I just did a fresh F-20 gnome installation and applied all updates. After 3
boots I used systemd-analyze and systemd-analyze blame:
F-20 x86_64 virt guest (after 2 boots):
Startup finished in 528ms (kernel) + 1.027s (initrd) + 4.208s (userspace) =
After disabling firewalld (and two boots):
Startup finished in 520ms (kernel) + 996ms (initrd) + 3.948s (userspace) =
After uninstalling firewalld (and two boots):
Startup finished in 528ms (kernel) + 1.029s (initrd) + 3.944s (userspace) =
systemd-analyze was used to produce this initially after 3 boots and after 2
boots after each change.
firewalld is not the "number 1 slowest component on Fedora, right now.", but
it is plymouth-quit-wait.
No it just waits for other services to finish (as you have seen it
went down without firewalld).
As you can see, the userspace time varies by about 0.3s after
also uninstalling firewalld!
Taking into account that only firewalld changed in these the output of
"systemd-analyze blame" is very unexpected. The start times of other
services increased by 40 to 50% after firewalld is not started and not
Because things run in parallel.
I can only measure a difference of about 0.3s in boot time with and
I wouldn't classify "0.3 seconds" as "only" but yeah that's
difference on your system.