On Thu, 15 Nov 2012 19:30:27 +0100
Reindl Harald <h.reindl(a)thelounge.net> wrote:
Am 15.11.2012 19:27, schrieb Miloslav Trmač:
> On Thu, Nov 15, 2012 at 7:08 PM, Reindl Harald
> <h.reindl(a)thelounge.net> wrote:
>> Am 15.11.2012 19:02, schrieb Miloslav Trmač:
>>> It would be very helpful for judging the maturity/suitability of
>>> firewalld if you could try converting your iptables script to
>>> firewall-cmd --direct (which, at least I hope, should be possible
>>> to do with a few sed commands), and report back whether the
>>> pass-through capability is good enough.
>>
>> you CAN NOT easily convert iptables.sh scripts containing
>> hundrets of commands in a specific order which are well tested
>> over years and your replacment for any hardware firewall/router
>
> Have you actually _tried_? It's supposed to be as easy as
> s/iptables/firewall-cmd --direct --passthrough ipv4/
>
> I don't know for a fact whether it is good enough. You seem to
> have a script that could tell us.
i posted a script realier this day as .txt file with
masked network details, but it did not go trough list
moderation AFAIK until now
Everyone on this list doesn't need a copy of your (lengthy) iptables
script, IMHO.
Perhaps the two of you could continue this off line and test and report
back to the list?
kevin