On 15.11.2012 19:16, Miloslav Trmač wrote:
> (as far as I understand the situation:) iptables as a kernel
> interface and a low-level command will exist, but applications will
> expect the existence of the firewalld D-Bus service (as opposed to the
> system-config-firewall D-Bus service, at least; I'm not sure what this
> implies about systems where the firewalld D-Bus service is not
> available), and firewall-cmd, not iptables, will be the recommended
> user tool
and this is the reason why I say CAUTION

I do not want, nor can I accept, that anything on MY machines
expects anything to deal with iptables rules. I am the only
instance to define what is open and closed, and with
which REJECT or DROP answer what is closed.
Nobody and nothing has to touch this dynamically.

If an application needs a port open, I am the one to open it, and
if not, you can be sure there is a good reason why it stays
closed - the reason is security and professional IT management.

I am responsible for my data, the company's data and the data of many
customers, so I have to be the instance that controls every piece
of software - on servers and static setups there is no need for
dynamic configurations - the opposite is true: you need to disable
and close ANYTHING and allow NOTHING where you are not 100% sure
that you are aware of what is done.

These things will not change tomorrow nor in 20 years, and the
places where they are changed you read about regularly in the newspaper
because of intrusions and security leaks!
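As an added example (not code from this thread, from Fedora or from firewalld), a POSIX shell check for the static-ruleset stance above: it compares the administrator's saved iptables baseline against a live iptables-save dump and reports any rule that was added, removed or reordered dynamically. Both rule files are constructed sample data in iptables-save format, and the `--dport 8080` ACCEPT rule is the assumed unauthorized change.

```shell
# Added example, not code from the thread: detect drift between the
# administrator's saved iptables baseline and the live ruleset, i.e. any
# rule that was added, removed or reordered without the admin doing it.
# Inputs are iptables-save text; both files are constructed sample data.

# Strip comments, table headers, COMMIT lines and the "[pkts:bytes]"
# counters of iptables-save -c, keeping rules in their original order
# (a reordered rule changes semantics, so it must count as drift too).
normalize_rules() {
    sed -e '/^#/d' -e '/^\*/d' -e '/^COMMIT/d' \
        -e 's/^\[[0-9]*:[0-9]*\] *//' "$1"
}

# firewall_drift BASELINE_FILE LIVE_FILE
# Prints a unified diff of the differing rules; returns 0 when the
# rulesets match, 1 on drift, 2 if no temp files could be created.
firewall_drift() {
    base_n=$(mktemp) && live_n=$(mktemp) || return 2
    normalize_rules "$1" > "$base_n"
    normalize_rules "$2" > "$live_n"
    diff -u "$base_n" "$live_n"
    status=$?
    rm -f "$base_n" "$live_n"
    return "$status"
}

# Constructed baseline: default-deny INPUT, explicit REJECT (tcp-reset)
# for TCP and DROP for everything else; only SSH is allowed in.
BASELINE=$(mktemp)
cat > "$BASELINE" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j DROP
COMMIT
EOF
# Constructed "live" dump (with counters) plus one rule nobody approved:
# the assumed unauthorized change a dynamic daemon could have inserted.
LIVE=$(mktemp)
{ sed -e '/^COMMIT/d' -e 's/^-A /[3:180] -A /' "$BASELINE"
  echo '[0:0] -A INPUT -p tcp --dport 8080 -j ACCEPT'
  echo COMMIT; } > "$LIVE"
firewall_drift "$BASELINE" "$LIVE" || echo "DRIFT: live ruleset differs from baseline"
```

On a real host the baseline would be the file the administrator saved with iptables-save, and the live side would be the current iptables-save output, run from cron or a monitoring agent.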