raising warning flag on firewalld-default feature

Eric H. Christensen sparks at fedoraproject.org
Fri Nov 9 16:24:30 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Nov 09, 2012 at 09:33:08AM -0500, Matthew Miller wrote:
> https://fedoraproject.org/wiki/Features/firewalld-default
> 
> We have an accepted feature for Firewalld to be the default in Fedora 18.

This replaces iptables and ip6tables?  Perhaps I have had my head in the sand (I certainly haven't been looking around) but this is the first I've heard of a replacement for iptables.  Has firewalld been tested as well as iptables has (which seems to be a fairly bullet-proof solution)?

> But, I think we should strongly consider pushing this to F19, because:

...
>   - there's little to no documentation

I'd happily help document it in the Fedora Security Guide if I could get the proper content or access to the developers.  Heck, I'll even help write stand-alone documentation for this project if needed.

> The lack of documentation is really the showstopper here. If we had really
> good 1) hand-holding documentation and 2) technical documentation for
> admins, I'd be more willing to take the risk. (In an even more ideal world,
> the UI would be so well designed that the hand-holding documentation
> wouldn't be necessary.)

+1

- -Eric "Sparks"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQnS4+AAoJEIB2q94CS7PRdGcP/1z5O5kgvHDX04E/6t3xhdWv
w2JtwDC3zYc0KlASa+XFPlqFmvQUBngI7Esy3kJ8+mas+bFwVOftTRQhZz13mmfg
C+eKe/rHtL2hEF/EDkWe23FSASrHdK6FNyotK7xxdfh3QYPGmavmFSvlETg6qUdS
kkWRrTCtkro4EirO7KGbW7DDeuzcxqK6IHy6JStdevouwaTqJ/TtdCI2vYJKDTyg
GkxQQwk00GCk7xox5dJq1jdpniVfpQ/pKAVb9BTuQYCaMCuqdv64xg6ggbkXi28T
cIFkdKxNCBw0L5Ecwg3/d4y2OlTAJmBULsAQZ7piFKXFbHPb9CofxCypGSTn5cMw
F9wnr/0geTw3UOxfi0OGNm2Wf0x2B9n7iyYZODxvihdoeg8OGbusPJr9viRYI7tA
47+/95ywXBTcAPxLwSCb3vXG2FImgnzwnaG/9xpKZk4dKAZcxQBxqlgDtBbilv8X
zvr9ArmCG9hdEAojD66AKM5Qmzse+tPaAiDFecGBvlSN3/J2AOrTF9U64Akbkzg9
+uXkV3rk/DhP0JTLXvb8Aizbb9Y51PGO/G7KZH3tCYieaCQbkNdddNbIg3WI4kV1
AEGvDd30vDdAkl17UcguV6iwPwCP0tFs9GNcJRCEninL+/bQmVs2PcpYJ5+oPBsi
vUc791SABXCttPkm1X/A
=E0LH
-----END PGP SIGNATURE-----

More information about the devel mailing list