Re: technical spec for the workstation up for review




On 02/19/2014 06:57 PM, Lennart Poettering wrote:
On Wed, 19.02.14 12:40, Bastien Nocera (bnocera@xxxxxxxxxx) wrote:



----- Original Message -----
Hi,
I ended up calling the firewalld maintainer to understand the state of things
and there is this concept in firewalld called zones that we should be able to
use to create a better user experience, yet at the same time keep the firewall
working when people connect with their laptop at an internet cafe for instance.

Right. But firewalld can't be a Fedora-only solution, otherwise no application developer
will want to integrate with it.

We'd also need designs based around that, and see if firewalld is indeed the right
technical solution.

Right now, we don't even know whether a firewall is required, or it's just a
work-around for applications that aren't integrated.

I fully agree with Bastien here. I don't think a firewall brings any
benefit on the desktop, and particularly not in the implementation of
firewalld. There are better ways to make sure the local system is not
vulnerable, and in its current state firewalld just creates problems and
slows down the boot immensely (it's the number 1 slowest component on
Fedora, right now.)


I will not reply to your personal opinion. But "firewalld is the number 1 slowest component on Fedora, right now."?

See below:

I just did a fresh F-20 gnome installation and applied all updates. After 3 boots I used systemd-analyze and systemd-analyze blame:

F-20 x86_64 virt guest (after 2 boots):

Startup finished in 528ms (kernel) + 1.027s (initrd) + 4.208s (userspace) = 5.765s
          2.091s plymouth-quit-wait.service
          1.373s firewalld.service
           878ms accounts-daemon.service
           833ms libvirtd.service
           687ms rtkit-daemon.service
           615ms avahi-daemon.service
           544ms ModemManager.service
           470ms chronyd.service
           456ms systemd-logind.service

After disabling firewalld (and two boots):

Startup finished in 520ms (kernel) + 996ms (initrd) + 3.948s (userspace) = 5.465s
          1.855s plymouth-quit-wait.service
          1.145s libvirtd.service
           867ms accounts-daemon.service
           826ms NetworkManager.service
           670ms rtkit-daemon.service
           611ms avahi-daemon.service
           535ms ModemManager.service
           459ms systemd-logind.service
           431ms plymouth-start.service

After uninstalling firewalld (and two boots):

Startup finished in 528ms (kernel) + 1.029s (initrd) + 3.944s (userspace) = 5.502s
          1.536s plymouth-quit-wait.service
          1.230s accounts-daemon.service
          1.190s NetworkManager.service
          1.089s rtkit-daemon.service
          1.053s avahi-daemon.service
           975ms ModemManager.service
           955ms systemd-logind.service
           855ms chronyd.service
           709ms libvirtd.service

systemd-analyze was used to produce this initially after 3 boots and after 2 boots after each change.

firewalld is not the "number 1 slowest component on Fedora, right now.", but it is plymouth-quit-wait.

As you can see, the userspace time varies by about 0.3s after disabling and also uninstalling firewalld!

Taking into account that only firewalld changed in these, the output of "systemd-analyze blame" is very unexpected. The start times of other services increased by 40 to 50% after firewalld is not started and not available anymore.

I can only measure a difference of about 0.3s in boot time with and without firewalld.

Lennart

Thomas
--
desktop mailing list
desktop@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/desktop




