Re: firewalld / iptables.service past F17

On 23.04.2012 17:32, Miloslav Trmač wrote:
> On Tue, Apr 17, 2012 at 10:40 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>> http://fedoraproject.org/wiki/Features/firewalld-default
>>
>>> An explicit transition is planned after Fedora 18 with dropping support for the
>>> static firewall with system-config-firewall/lokkit. A migration from the static
>>> firewall model will be needed then.
>>
>> are only the ui-interfaces meant or does someone
>> consider dropping "iptables.service" at all? if so please
>> re-consider this!
> 
> I was pushing for the deprecation to avoid a NetworkManager-like
> duplication for the long term.

i really, really like the idea of "firewalld" for many setups!
it is a really nice improvement for desktops over the long

but please consider that network-manager and desktop is not
all and on servers with vpn-gateways, routings and such
things you do not really like it

please do not start seeing linux as desktop-only OS, it is not
cool that it works for desktops and servers and this should
be considered in big changes

> AFAICS you can s/iptables/firewall-cmd --direct --passthrough ipv4/,
> and things should continue to work (perhaps with minor modifications
> to avoid collisions with firewalld's default rule chains).

i simply do not need or want any default chains
the first thing in an iptables-script is to reset them

the iptables.sh for the environment where i work is currently
50 KB large, distributed and for all machines in the network
the same

> Or, if you insist, disable firewalld (... which might break some
> applications), and turn your shell script into a systemd service; but
> --direct --passthrough should be the preferred route.

how to replace such things?

cat /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_nat_sip ip_nat_ftp nf_conntrack_ftp nf_nat_ftp"
________________________________

cat /etc/sysconfig/iptables-config
IPTABLES_MODULES="nf_conntrack_ftp  nf_nat_ftp"

cat /etc/modprobe.d/local.conf
options nf_conntrack_ftp ports=21,4559
options ipt_recent ip_list_tot=5000 ip_pkt_list_tot=200



-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
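
The substitution suggested in the quoted reply (s/iptables/firewall-cmd --direct --passthrough ipv4/), applied to a whole script while flagging the reset lines that would collide with firewalld's default chains. This is an added example, not part of the original message or of firewalld; `convert_rules` and `sample_script` are hypothetical names and the sample rules are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes rules are written as literal
# "iptables ..." calls; lines using a variable such as $IPTABLES pass through.

# convert_rules: read a firewall script on stdin, write the converted one on stdout.
convert_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop leading whitespace for matching; untouched lines keep theirs.
        trimmed=${line#"${line%%[![:space:]]*}"}
        case $trimmed in
            iptables\ *|/sbin/iptables\ *|/usr/sbin/iptables\ *)
                args=${trimmed#*iptables }
                case " $args " in
                    *" -F "*|*" --flush "*|*" -X "*|*" --delete-chain "*|*" -P "*|*" --policy "*)
                        # Flush, chain deletion and policy changes would also act on
                        # firewalld's default chains, so leave them for a human.
                        printf '# REVIEW, resets chains or policy: %s\n' "$trimmed" ;;
                    *)
                        printf 'firewall-cmd --direct --passthrough ipv4 %s\n' "$args" ;;
                esac ;;
            *)
                # Anything that is not an IPv4 iptables call is copied unchanged.
                printf '%s\n' "$line" ;;
        esac
    done
}

# Constructed sample input, not taken from any real iptables.sh.
sample_script() {
    cat <<'EOF'
#!/bin/sh
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
ip6tables -A INPUT -j DROP
EOF
}

sample_script | convert_rules
```

The converter only emits text; nothing is applied to a running firewall until the reviewed output is executed.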
