On Tue, Aug 21, 2012 at 1:02 PM, Laine Stump <laine@xxxxxxxxx> wrote:
> On 08/21/2012 11:51 AM, Doug Goldstein wrote:
>> On Thu, Aug 16, 2012 at 1:18 AM, Laine Stump <laine@xxxxxxxxx> wrote:
>>> From: Thomas Woerner <twoerner@xxxxxxxxxx>
>>>
>>> (This is Thomas's v3 version of 1/2 of the firewalld patches, modified
>>> to check for firewall-cmd and firewalld state only once, rather than
>>> every time an iptables rule is added or removed. It's not intended to
>>> be pushed, because I'm still having issues with it, at least on my
>>> machine. I'm mostly concerned with item (1) on the list below; the
>>> others could be solved later or tolerated.)
>>>
>>> * configure.ac, spec file: firewalld defaults to enabled if dbus is
>>> available, otherwise is disabled. If --with_firewalld is explicitly
>>> requested and dbus is not available, configure will fail.
>> So this means that on distros that ship with D-Bus (most distros that
>> would include libvirt nowadays) the default out of the box would be to
>> assume it has firewalld? Unless --without_firewalld was passed?
>
> Yes, that's correct. But it should be harmless - libvirtd will try
> calling "firewall-cmd --state", fail because it doesn't exist, then fall
> back to using iptables/ebtables directly.
>
> Definitely try it out and let us know if it causes any trouble though.
> Part of the reason to push it now is so that it can get a reasonable
> shakeout between now and the next release.

I'll give it a whirl this weekend and follow up with you off-list. Thanks.

--
Doug Goldstein