Am 15.11.2012 19:16, schrieb Miloslav Trmač: > (as far as I understand the situation:) iptables as a kernel > interface and a low-level command will exist, but applications will > expect the existence of the firewalld D-Bus service (as opposed to the > system-config-firewall D-Bus service, at least; I'm not sure what this > implies about systems where the firewalld D-Bus service is not > available), and firewall-cmd, not iptables, will be the recommended > user tool and this is the reason why i say CAUTIOn i do not want nor can i accept anything on MY machines expect anything to deal with iptables-rules. i am the only on e instance to define what is open and closed and with which REJECT or DROP answer what is closed nobody and nothing has to touch this dynamically if a application needs a port open i am the one to open it and if not you can be sure there is a good reason why it stays closed - the reason is security and professional it-managment i am responsible for my data, comanies data and data of many customers so i have to be the instance to control every piece of software - on servers and static setups there is no need for dynmaic connifurations - the opposite is true: you need to disable and close ANYTHING and allow NOTHING where you are not 100% sure that you aware what is done these things will not change tomorrow nor in 20 years and the palces where they are changed you read regulary in the newspaper because intrusions and security leaks!
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
