On Sun, 13 Dec 2015 12:30:39 -0600
Nicholas Geovanis wrote:
> I don't dispute the value of GUIs. I have a comment and a question,
> first that in "the data center" my experience is that iptables rules
> are put into place and only rarely changed thereafter, like the
> network configuration at the server.
>
> But my question was partly this: What is the specific need for a
> continuously running daemon firewalld if what we wanted was a GUI
> front-end for iptables?
> Thanks....Nick Geo
Hi Nick,
Because it is not a 'static configurator.' It delivers a dynamic
firewall. See
<https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Dynamic_firewall_with_FirewallD>
"The firewall daemon ... manages the firewall dynamically and applies
changes without restarting the whole firewall. ..." Among other things,
it:
- offers separation of runtime and permanent configuration options
- supports an interface for services or applications to add firewall
rules directly
- provides information about the current active firewall settings via
D-BUS and also accepts changes via D-BUS using PolicyKit
authentication methods
hth & regards,
Carl
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
