On Wed, Feb 26, 2014 at 5:24 AM, Stephen Gallagher <sgallagh(a)redhat.com> wrote:
> The main advantage that we get from firewalld is that it is providing
> a public D-BUS interface that we can use to connect central management
> tools (such as puppet) to apply a complete set of rules in one go (as
> opposed to the necessarily procedural approach we are currently faced
> with, which is reading the current state, parsing it, determining
> which changes need to be made and then performing the diff... all

We manage iptables by using an iptables.d directory, dropping rules
into it, and then using the summation of those rules on firewall
configuration reloads.
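
The iptables.d approach described in the reply, sketched as an added example that is not from the thread or from either poster's setup: fragments are concatenated in sorted order into one `iptables-restore` input, so the filter table is replaced in a single commit instead of rule by rule. The `*.rules` suffix, the default chain policies, the sample fragments and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: iptables.d/NN-name.rules,
# each file holding filter-table append lines ("-A CHAIN ...").

# build_ruleset DIR: print one complete iptables-restore input for the filter table.
build_ruleset() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    echo '*filter'
    echo ':INPUT DROP [0:0]'      # assumed default policies
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Glob expansion is sorted, so numeric prefixes (10-, 20-) fix rule order.
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        echo "# from ${f##*/}"
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) ;;                          # skip blanks and comments
                '-A '*) printf '%s\n' "$line" ;;     # only appends are accepted
                *)  # a fragment must not switch tables, set policy or COMMIT early
                    echo "rejecting ${f##*/}: unexpected line: $line" >&2
                    return 1 ;;
            esac
        done < "$f"
    done
    echo 'COMMIT'
}

# reload_firewall DIR: parse-check the ruleset, then load it in one commit (needs root).
reload_firewall() {
    tmp=$(mktemp) || return 1
    build_ruleset "$1" > "$tmp" &&
        iptables-restore --test < "$tmp" &&
        iptables-restore < "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# make_sample DIR: write two constructed fragments for demonstration.
make_sample() {
    printf '%s\n' '# base' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp --dport 22 -j ACCEPT' > "$1/10-base.rules"
    printf '%s\n' '-A INPUT -p tcp --dport 443 -j ACCEPT' > "$1/20-web.rules"
}

# Demo: "sh thisfile --demo" prints the assembled ruleset without touching the firewall.
if [ "${1:-}" = "--demo" ]; then d=$(mktemp -d); make_sample "$d"; build_ruleset "$d"; rm -rf "$d"; fi
```

Because a malformed fragment fails `build_ruleset` before `iptables-restore` runs, a bad drop-in leaves the previously loaded rules in place.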