On Thu, Nov 15, 2012 at 10:10:43AM -0800, Adam Williamson wrote:
> Sure, but the background here was the 'replace vs. augment' question -
> is firewalld actually planned to replace iptables in the long run, or
> are we committed to maintaining iptables as an alternative mechanism? It
> sounds like harald would be happy if the latter is the case.

One approach: firewalld could have a "direct-only" mode. If that mode were
enabled, it'd load a static script from /etc/sysconfig/iptables on
launch, and respond to any commands other than the "direct" api with an
"in direct-only mode" error. Then, firewalld-aware applications could choose to
raise a user error or to go to whatever fallback they have.

--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>