fail2ban + firewalld suggestions needed
Matthew Miller
mattdm at fedoraproject.org
Wed Mar 19 11:38:11 UTC 2014
On Tue, Mar 18, 2014 at 11:09:31PM -0600, Orion Poplawski wrote:
> - Do we do this by default, because firewalld is the default firewall in
> Fedora? I would not want to require firewalld though because fail2ban
> can work perfectly fine without it, so it would be broken by default on
> systems without firewalld installed (or enabled).
I'm not a fan of that, as it goes from default to mandatory more quickly
than it should.
> - Stick it in a fail2ban-firewalld sub-package that requires firewalld.
> Downside is that people need to figure out that they really should
> install this for default installs. Upside is it is easier to use
> without firewalld (don't need to find and remove the
> fedora-firewalld.conf file).
This gets my vote. An alternate approach would be to make fail2ban be a
virtual package that requires fail2ban-firewalld and a new fail2ban-server
subpackage which contains the actual thing.
--
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the devel
mailing list