firewalld / iptables.service past F17

Adam Williamson awilliam at redhat.com
Thu Apr 26 09:18:38 UTC 2012


On Wed, 2012-04-25 at 17:27 -0600, Dariusz J. Garbowski wrote:
> On 25/04/12 10:55 AM, Adam Williamson wrote:
> > On Tue, 2012-04-24 at 09:30 -0500, Jon Ciesla wrote:
> >
> >> Nothing is being taken away, the default is being changed.  If you're
> >> using Fedora in production, I presume you're installing with
> >> Kickstart.
> >
> > It's worth noting that if the question is how does firewalld handle
> > upgrades, I think it may be somewhat irrelevant because AFAIK even when
> > firewalld was going to be the F17 default, we never implemented anything
> > to cause upgraded systems to switch to it. It was only new installs
> > which were getting firewalld. Upgraded ones stuck with the static
> > iptables/s-c-f/lokkit system.
> 
> Does that imply that new installs will be easily switched from firewalld
> to static iptables? I always do new install but I want to keep my firewall
> static, with my current iptables script.

Once we actually go to firewalld by default, then yes, at least as long
as lokkit and s-c-f are maintained. The procedure is, more or less:

systemctl disable firewalld.service
systemctl stop firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
lokkit --enabled
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net



More information about the devel mailing list