On Fri, 2013-02-15 at 14:11 +0100, Reindl Harald wrote:
> > The old firewall configuration tool would reload the entire set of
> > kernel rules when you made a change. This could cause side-effects such
> > as dropping open connections. The new firewalld system avoids this where
> > possible. In fact I'm not even sure of the effect of mixing the two; if
> > you're using firewalld then use firewall-config to configure it.
>
> and firewall scripts using iptables.service provide the same as
> firewalld since decades: change the whole iptables policy
> without unload any kernel-module

Which is unsurprising given that firewalld does not replace iptables, it
merely provides a different interface to it.

Perhaps I wasn't clear. My comment was specifically about the
*configuration tool* (i.e. system-config-firewall), not the underlying
technology.

The (potential) problem with using multiple config tools is that they
may not talk to each other. System-config-firewall has an explicit
warning about it not checking the current state of the kernel rules
before overwriting them. Presumably firewall-config is more careful.

No-one is saying you can't write your own scripts, but the OP asked if
firewall-config had an advantage over system-config-firewall, and the
answer is that it does.

poc