On 10/07/2010 02:20 AM, Genes MailLists wrote: > On 10/06/2010 11:26 AM, Thomas Woerner wrote: > >> 6) Compatibility Mode >> >> The current static firewall model will still be available for >> compatibility for users or administrators creating their own firewall. >> This deactivates the firewall service and also the D-BUS daemon. >> >> ------- >> >> Comments and additional information is highly welcome. >> > > I hope by 'compatibility mode' you mean it is 'completely off' and > there is no possibility of it touching the rules because its not running > in any form. > > Its vital for those of us who have hand coded firewall rules that this > is totally turned off and it is impossible for it to touch the rules. > > In my case, I have about 40,000 rules and I def don't want anything > else mucking with them! > > Thanks - its an interesting idea and the default firewall could use > some spiffing up for many use cases. > > Yes, the compatibility mode means that the dynamic daemon is disabled and the current system-config-firewall, ip*tables and ebtables services will still be availabe to be able to have an own and/or static firewall setup. The only question here is what the default should be in the furture. I think for desktop installations it should be the daemon and for servers the static model. Firstboot, installation time or first network usage is a good place to define this in my opinion. Ciao, Thomas -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
