On Wed, 2012-04-25 at 17:27 -0600, Dariusz J. Garbowski wrote: > On 25/04/12 10:55 AM, Adam Williamson wrote: > > On Tue, 2012-04-24 at 09:30 -0500, Jon Ciesla wrote: > > > >> Nothing is being taken away, the default is being changed. If you're > >> using Fedora in production, I presume you're installing with > >> Kickstart. > > > > It's worth noting that if the question is how does firewalld handle > > upgrades, I think it may be somewhat irrelevant because AFAIK even when > > firewalld was going to be the F17 default, we never implemented anything > > to cause upgraded systems to switch to it. It was only new installs > > which were getting firewalld. Upgraded ones stuck with the static > > iptables/s-c-f/lokkit system. > > Does that imply that new installs will be easily switched from firewalld > to static iptables? I always do new install but I want to keep my firewall > static, with my current iptables script. Once we actually go to firewalld by default, then yes, at least as long as lokkit and s-c-f are maintained. The procedure is, more or less: systemctl disable firewalld.service systemctl stop firewalld.service systemctl enable iptables.service systemctl start iptables.service lokkit --enabled -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
