I've got a project I'm working on for firewalld, and that list seems to
have disappeared from mailman so I thought I would ask here.
My immediate query is the logging options for direct rules, as well as
firewalld-specific logging. I know direct rules are out of the scope of
firewalld, as they are true iptables rules applied directly to
netfilter. When you specify logging of packets in the direct rules, the
logs get reported as kernel messages through journald. Is there any way
to configure iptables to write to a different log file, or is it this
way due to the way netfilter is integrated with the kernel?
I've found ways to do it by specifying log levels as part of the
argument, and using rsyslog or syslog-ng to filter out the level you
specify into a different log, but I've not been able to discern a
corresponding process for journald.
As for firewalld itself, I hope my project will eventually meet the
quality needed to submit to Thomas for including it. Can firewalld
provide more granular logging? I know it reports to journald as a unit
you can filter on, which may end up being the best answer, but I was
wondering if there was any facility provided to write to a log file or pipe.
Systems Engineer at Large
Fedora KDE WG | Fedora QA Team | Fedora Server SIG
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
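
An added example, not part of the original message or of firewalld: since LOG-target output lands in journald as kernel messages, one way to build a separate firewall log is to filter `journalctl -o json` output on the `_TRANSPORT` field plus the rule's `--log-prefix`, then parse the netfilter fields. The prefix `FWD_DROP: `, the sample records and the function names are constructed for illustration.

```python
import json

PREFIX = "FWD_DROP: "  # assumed --log-prefix value (hypothetical, not from the thread)

# Constructed records in the shape of `journalctl -o json` output (one object per line).
_NF = ("IN=eth0 OUT= MAC=52:54:00:aa:bb:cc:52:54:00:11:22:33:08:00 SRC=192.0.2.10 "
       "DST=198.51.100.5 LEN=60 TTL=63 ID=4242 DF PROTO=TCP SPT=51514 DPT=23 SYN URGP=0")
SAMPLE_JOURNAL = [
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "4", "MESSAGE": PREFIX + _NF}),
    # Same text submitted by a userspace process: must not count as a firewall event.
    json.dumps({"_TRANSPORT": "syslog", "PRIORITY": "4", "MESSAGE": PREFIX + _NF}),
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "6", "MESSAGE": "device eth0 entered promiscuous mode"}),
    json.dumps({"_TRANSPORT": "kernel", "PRIORITY": "4", "MESSAGE": [70, 87, 68]}),  # binary payload
    "not json",
]


def parse_netfilter(message, prefix=PREFIX):
    """Split a netfilter LOG line into KEY=value fields and bare flags (DF, SYN, ...)."""
    if not isinstance(message, str) or not message.startswith(prefix):
        return None
    fields, flags = {}, []
    for token in message[len(prefix):].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        else:
            flags.append(token)
    fields["flags"] = flags
    return fields


def select_firewall_events(lines, prefix=PREFIX):
    """Return parsed LOG events that came from the kernel and carry our prefix."""
    events = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        # _TRANSPORT is set by journald itself, so a logging client cannot forge "kernel".
        if not isinstance(record, dict) or record.get("_TRANSPORT") != "kernel":
            continue
        event = parse_netfilter(record.get("MESSAGE"), prefix)
        if event is not None:
            event["priority"] = int(record.get("PRIORITY", "6"))
            events.append(event)
    return events
```

On a live system the input lines would come from `journalctl -k -o json`, and the selected events can be appended to whatever file or pipe is wanted.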
So, at DevConf over the weekend, I had a conversation with several
people around the package set that we should include on the Fedora
Server install media in Fedora 22.
When we put together the install media for Fedora 21, we basically took
the old Fedora 20 DVD install and stripped out some of the things we
didn't feel were necessary for the Server. However, I suspect that we
may have missed numerous things that are not *strictly* important for
In particular, the Fedora Server DVD includes the package groups for
many of the Fedora development tools (particularly those useful for
developing Fedora *itself*, such as the @fedora-packager group).
I don't currently have statistics on how much space this would save on
the installation DVD (since I would pretty much have to build one
without these packages to verify it), but I can get an approximate idea
of the difference by installing the minimal set of Server packages on
one VM and a set that includes the devel packages on another.
The result I see is:
== Standard Server Install ==
* 614 packages
* 1,097 MB on the installed system
== Server Install Plus Development Tools ==
* 716 packages
* 1,496 MB on the installed system
Even if we assume a (very) generous assumption that the RPM compression
reduces the size difference by 50%, we still see a probable savings of
200 MB on the install DVD.
So, my questions to the Server SIG:
1) Is this savings in the DVD ISO download size sufficiently significant
to continue this conversation?
2) Does anyone see any value in keeping this material *on the DVD*?
Obviously, all of these packages will remain available to the network
install or post-installation environments.
For those who are interested in minutiae, I am attaching the current
fedora-install-server.ks file that is used to generate the DVD. If you
see anything else there that might be worth including in this
discussion, I'm all ears.
Hey, folks. I'm writing with my Server SIG member hat on, here. We've
been discussing password policy changes at our meeting today.
So the Great Password Policy Bunfight of 2015 was resolved by anaconda
creating a mechanism for products/spins to set their own password
I'm slightly worried, however, about the possibility that everyone
goes out and picks a more lenient policy more or less at random and we
wind up with different policies on every Fedora medium. That seems
like it'd be needlessly confusing to users and difficult to document.
I'm wondering if those products/spins intending to set a policy weaker
than the default could all agree on the same one, so there'd only be
at most two policies to care about (and if all products/spins overrode
the upstream default, there'd only be one).
The obvious choice would be the pre-F22 policy, which I believe should
--nostrict --minlen=6 --minquality=50 --nochanges --emptyok
(though it's not *entirely* clear from the code - I think it used
pwquality upstream defaults - so I may be a bit off).
What's the general feeling here? Have other SIGs discussed this yet?
Come to any decisions? Thanks!
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net