On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald <h.reindl(a)thelounge.net> wrote:
> On 15.11.2012 18:06, Adam Williamson wrote:
>> Right. I hate to say it, but Harald is correct here: AFAIK, all those
>> and other firewall configuration mechanisms were ultimately just
>> UI/abstraction layers wrapped around iptables. They wrote iptables
>> rules. firewalld is very different.

(Side-reply to Adam:) I can't see the difference; /sbin/iptables still
works if you have firewalld running.

> I am one of the second group and have been doing DISTRIBUTED
> iptables configurations for whole infrastructures for many years,
> using any capability of iptables, which can hardly be covered with
> abstraction layers

It would be very helpful for judging the maturity/suitability of
firewalld if you could try converting your iptables script to
firewall-cmd --direct (which, at least I hope, should be possible to
do with a few sed commands), and report back whether the pass-through
capability is good enough.
Mirek
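
The sed conversion suggested in the message above could look like the following. This is an added example, not part of the original thread; the function names and the sample script are constructed for illustration, and it assumes one rule per line with the command at the start of the line.

```shell
#!/bin/sh
# Rewrite iptables/ip6tables invocations as firewalld direct passthrough
# calls. An optional leading path such as /sbin/ is dropped.
convert_to_direct() {
    sed -E \
        -e 's@^([[:space:]]*)(/[^[:space:]]*/)?ip6tables[[:space:]]+@\1firewall-cmd --direct --passthrough ipv6 @' \
        -e 's@^([[:space:]]*)(/[^[:space:]]*/)?iptables[[:space:]]+@\1firewall-cmd --direct --passthrough ipv4 @'
}

# List lines of converted output that were NOT rewritten but still look
# like firewall rules (helper tools, rules invoked through a variable).
# These need manual conversion before the result can be trusted.
needs_review() {
    grep -Ev '^[[:space:]]*(#|$|firewall-cmd )' \
        | grep -E 'ip6?tables|[[:space:]]-j[[:space:]]' || true
}

# Constructed sample input standing in for a site's iptables script.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# constructed sample
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
iptables-restore < /etc/sysconfig/iptables
$IPT -A FORWARD -j DROP
EOF
}

# Print the converted script, then the lines left for manual review.
sample_script | convert_to_direct
echo "--- needs manual review ---"
sample_script | convert_to_direct | needs_review
```

The script only prints the converted commands; the review list shows where a line-based sed pass falls short, which is the kind of gap worth reporting back.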