Re: CentOS 6.5 equivalents in CentOS 7




On Thu, October 30, 2014 9:42 pm, Always Learning wrote:
>
> On Thu, 2014-10-30 at 16:14 +0000, Marko Vojinovic wrote:
>
>> Sure, I do know how it works. :-) However, the iptables requires me to
>> think about it when specifying -I or -A every time I modify the rules.
>
> When I set up a server, I devise the rules and the sub-systems that
> interface with IPtables and rarely change anything, except to empty
> (flush) the blocked IPs in the monthly banned table.
>
> Adding an extra facility is usually quick and easy. I know what I want
> and I instinctively know where I want the -I. Rarely do I use -A on an
> established table.
>
> IPtables is flexible, efficient and effective.
>
>> My beef is that in most situations I don't really need to be bothered
>> with that --- if I want to open a http port, the machine should be the
>> one to figure out where to put the rule.
>
> Assuming the IPtables firewall is logically designed, it is very easy to
> see exactly where you need to place the command. Your wish to delegate a
> simple placement to the software suggests you are not well familiar with
> the design and construction of your IPtables firewall. firewalld is
> probably ideal for you, but I prefer the precision and flexibility of
> IPtables (perhaps because I am an assembler programmer at heart)
>
>> You seem to be pushing the argument that we should give up Office
>> suites and force the user to write everything in TeX, since it is more
>> powerful and exposes a lot more technical details to the user.
>
> No. Writing letters and playing with spreadsheets should be done with
> Libre Office.
>
>>  But TeX
>> comes with a steep learning curve, and the vast majority of people
>> don't really need it. Similarly, C is far more powerful than, say,
>> Python or a bash script, so should we do all our scripting in C?
>
> Use the best and most convenient tools relevant to the task. I use PHP
> for most programming work.
>
>> Running httpd on port 81 is not really common, since all
>> real-world clients are expecting it to be on port 80.
>
> It was an illustration of using http on a non-standard port. Very easy
> to do in IPtables. I have nothing running on 81.
>
> Time is finite. Having learnt much, but not all, about IPtables I am
> reluctant to learn firewalld just to do what I can already do,
> elegantly, in IPtables.
>
>> I have a feeling that it's just the case of lazy sysadmins who don't
>> want to bother reading the man page for firewall-cmd.
>
> Why waste time and energy learning a different and unappealing method to
> do exactly what I can do already in IPtables ?

Yes, and after all they both are the front end to the same kernel module...

Valeri

>
> Best wishes.
>
> An IPtables Fan :-)
>
>
>
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++