Re: [PATCH v4] network: use firewalld instead of iptables, when available

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Aug 21, 2012 at 1:02 PM, Laine Stump <laine@xxxxxxxxx> wrote:
> On 08/21/2012 11:51 AM, Doug Goldstein wrote:
>> On Thu, Aug 16, 2012 at 1:18 AM, Laine Stump <laine@xxxxxxxxx> wrote:
>>> From: Thomas Woerner <twoerner@xxxxxxxxxx>
>>>
>>> (This is Thomas v3 version of 1/2 of the firewalld patches, modified
>>> to check for firewall-cmd and firewalld state only once, rather than
>>> every time an iptables rule is added or removed. It's not intended to
>>> be pushed, because I'm still having issues with it, at least on my
>>> machine. I'm mostly concerned with item (1) on the list below; the
>>> others could be solved later or tolerated.)
>>>
>>> * configure.ac, spec file: firewalld defaults to enabled if dbus is
>>>   available, otherwise is disabled. If --with_firewalld is explicitly
>>>   requested and dbus is not available, configure will fail.
>> So this means that on distros that ship with D-Bus (most distros that
>> would include libvirt nowadays) the default out of the box would be to
>> assume it has firewalld? Unless --without_firewalld was passed?
>
> Yes, that's correct. But it should be harmless - libvirtd will try
> calling "firewall-cmd --state", fail because it doesn't exist, then fall
> back to using iptable/ebtables directly.
>
> Definitely try it out and let us know if it causes any trouble though.
> Part of the reason of push it now is so that it can get a reasonable
> shakeout between now and the next release.

I'll give it a whirl this weekend and follow up with you off-list.

Thanks.
-- 
Doug Goldstein

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]