On 11/13/2012 05:28 PM, Thomas Woerner wrote: > On 11/13/2012 03:46 PM, Matthew Miller wrote: >> On Tue, Nov 13, 2012 at 02:28:17PM +0100, Tomasz Torcz wrote: >>>>>> Here, I mostly don't see the reason for it to be running all the time. >>>>>> Couldn't it be dbus activated, and then go away when it's not needed? >>>>>> Then, >>>>>> it would matter less what it was written in. >>>>> It would loose internal state if it would be D-BUS activated. >>>> Surely it could persist it somewhere? >>> Like in the actual netfilter rules? >> >> Yes. >> >> It has to be able to save internal state *somehow*, because if restarting >> the service breaks everything, we're not gaining much over the old way, are >> we? Plus, for a critical service like this, the service needs to be designed >> to be as robust as possible in situations where it might crash or get killed >> arbitrarily. >> > With the old static firewall model every firewall change was a complete > firewall recreate with conntrack loss. With firewalld changes to the > firewall are done dynamically and conntrack is preserved. That's not correct. You can modify the firewall just fine without restarting it. Regards, Dennis -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
