About F19 Firewall

Thomas Woerner twoerner at redhat.com
Fri Sep 20 14:30:05 UTC 2013


On 09/20/2013 04:15 PM, Matthew Miller wrote:
> On Tue, Sep 17, 2013 at 04:50:06PM +0200, Mateusz Marzantowicz wrote:
>> It's written in Python and so what? Interpreted languages like Perl and
>> Bash are widely used in Linux world to implement many tools. I don't buy
>> argumentation that if something is not implemented in C it sucks.
>
> It's not that it "sucks", it's that it requires significantly more
> resources. In a minimal install, firewalld is by far the largest memory
> consumer out-of-the-box, which is very wasteful in the 99.99% of the time
> where it isn't doing anything.
>
> And, the python stack is a meaningfully-large portion of the minimal
> install. Right now, that's unavoidable because of yum, but in the not-so-far
> future dnf may make it possible to remove that. If we're putting in _more_
> python-dependent infrastructure code, we'll never get there.
>
We are already working towards a rewrite in C for firewalld and 
firewall-cmd. firewall-config and firewall-applet will be python also in 
the future.


More information about the devel mailing list