-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wed, Sep 25, 2013 at 01:07:59PM -0500, Lance Lassetter wrote: > Firewalld is just not workable enough for me. For instance I need to have quirky netfilter rules to make my squid proxy setup to work properly. There is no easy way to do this with firewalld. Also I set up an iptables queue so that netfilter supports suricata ips mode. This also, no easy way... > > Netfilter is just so diverse and firewalld seems to strip a lot of that diversity away. > > What about the idea that people who want to write their own iptables custom scripts that can be, after wiriting the script and implementening it, a smart way for the script to be imported...the whole script, into firewalld. Last I tried, my nat rules weren't compatible with firewalld. Like maybe a simpe iptables-save then a firewalld-save or the like. Then maybe ask if to import it into firewalld's 'home', 'work', 'public', etc. It sounds a bit like you are trying to use firewalld on a server. I would not recommend using firewalld for anything but client boxes and, specifically, client boxes with simple rules. If you are using this on a server I would uninstall firewalld and not use the complexity that it adds to iptables but rather just use iptables (and ip6tables). There is nothing wrong with using your scripts on iptables and not using firewalld. You seem to know how to configure iptables which is what firewalld aims to fix for people that don't. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Red Hat, Inc - Product Security Team sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQGcBAEBCgAGBQJSRECuAAoJEB/kgVGp2CYvMg4L/i8HCunAahLtrCT0up514ag8 S+z9CLNr7f6SrdzGNDyBKfq4uM+Vgg8kJIf4AZNj9/F1DE55sKQB0rRSXVxZ1qZ1 qu7A8c+okUCaZ95LuBLzS7iGC7RIpfIGmNdd/sLlbF7G0nbN+GjWIVtpVw4JGbua 2ENKU/BOBceA+sfruBU9FXWDl3zreNU5ucVsiZjHJ8LwJclTSURSwaqrY+cTfaUq xEuOtwxNV+hBf0lvSHffvPeyCsToEJLu2ZIKGGLmI6Kf7vtzGXRp4TTzKrDTu8nF THfzxX3XtN5RE1JBpx44bThd6lj38Mt/qqEY4sdtMfsihF9l2JQdJvxitb9EiBdF g2HJpRggMjfMpZH+m4nthEb+oFzscweBg5qcEe+5EnimiRB30+NsdBLgtsthk8tP 3+jeQPfAaINlaGStVEpugr5bGVRstANIRyKLSSKqbJy+w8JQAN8RYRivMeJMn5YI E1U8QWv/TBSFvWmHn+bj7zhY3siDwOM+G+i7P7B3gA== =rFhQ -----END PGP SIGNATURE----- -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
