Setting the default firewall configuration (was Re: Attention, dependency fighters)
Kevin Fenzi
kevin at scrye.com
Thu Nov 15 18:37:17 UTC 2012
On Thu, 15 Nov 2012 19:30:27 +0100
Reindl Harald <h.reindl at thelounge.net> wrote:
> Am 15.11.2012 19:27, schrieb Miloslav Trmač:
> > On Thu, Nov 15, 2012 at 7:08 PM, Reindl Harald
> > <h.reindl at thelounge.net> wrote:
> >> Am 15.11.2012 19:02, schrieb Miloslav Trmač:
> >>> It would be very helpful for judging the maturity/suitability of
> >>> firewalld if you could try converting your iptables script to
> >>> firewall-cmd --direct (which, at least I hope, should be possible
> >>> to do with a few sed commands), and report back whether the
> >>> pass-through capability is good enough.
> >>
> >> you CAN NOT easily convert iptables.sh scripts containing
> >> hundrets of commands in a specific order which are well tested
> >> over years and your replacment for any hardware firewall/router
> >
> > Have you actually _tried_? It's supposed to be as easy as
> > s/iptables/firewall-cmd --direct --passthrough ipv4/
> >
> > I don't know for a fact whether it is good enough. You seem to
> > have a script that could tell us.
>
> i posted a script realier this day as .txt file with
> masked network details, but it did not go trough list
> moderation AFAIK until now
Everyone on this list doesn't need a copy of your (lengthy) iptables
script, IMHO.
Perhaps the two of you could continue this off line and test and report
back to the list?
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20121115/9879fb17/attachment.sig>
More information about the devel
mailing list