Setting the default firewall configuration (was Re: Attention, dependency fighters)

Miloslav Trmač mitr at volny.cz
Thu Nov 15 18:16:21 UTC 2012


On Thu, Nov 15, 2012 at 7:10 PM, Adam Williamson <awilliam at redhat.com> wrote:
> On Thu, 2012-11-15 at 19:02 +0100, Miloslav Trmač wrote:
>> On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
>> > On 15.11.2012 at 18:06, Adam Williamson wrote:
>> >> Right. I hate to say it, but Harald is correct here: AFAIK, all those
>> >> and other firewall configuration mechanisms were ultimately just
>> >> UI/abstraction layers wrapped around iptables. They wrote iptables
>> >> rules. firewalld is very different.
>>
>> (Side-reply to Adam:) I can't see the difference; /sbin/iptables still
>> works if you have firewalld running.
>
> Sure, but the background here was the 'replace vs. augment' question -
> is firewalld actually planned to replace iptables in the long run, or
> are we committed to maintaining iptables as an alternative mechanism? It
> sounds like Harald would be happy if the latter is the case.

(as far as I understand the situation:)  iptables as a kernel
interface and a low-level command will exist, but applications will
expect the existence of the firewalld D-Bus service (as opposed to the
system-config-firewall D-Bus service, at least; I'm not sure what this
implies about systems where the firewalld D-Bus service is not
available), and firewall-cmd, not iptables, will be the recommended
user tool.

In fact, not "applications will expect...", but "applications already
expect" - this is already the case with anaconda, control-center and
perhaps other applications.
    Mirek

