Am 15.11.2012 19:58, schrieb Adam Williamson: > I don't think anyone asked you to do any of those things. Fedora > obviously does not have the power to replace iptables with firewalld on > your router, so the question is not 'can you replace iptables with > firewalld on everything in your network and see if it works'. The > question is more 'can you see if firewalld does a good job of imitating > iptables on a single Fedora machine on your network, or a small amount > of them'. The whole point is it should be able to imitate an > iptables-type setup fairly transparently, so it should 'play nice' with > the rest of your setup. Can't you just test that? and that is why i posted earlier this day a masked copy of the script ONE script distributed from a admin-server is deplayoed to ANY machine and exuted with "ssh root@machine /scripts/iptables.sh" this thing was written, optimized and maintained for many years it containes rules to block specific outgoing AND incoming connections in a more or less dynmic infrastructure there is no "this is the iptables of machine X" i am not only responsible for ONE network, there are finally MANY networks, they are more or less based on this one script the reason is simply that if you have, can and do maintain larger environemnts more or less a a one-man-show you need to find workloads and solutions to surivive this which is achievd since years - starting tis from scratch means wasting weeks of lifetime don't get me wrong: force this would be no improvement finally: i am pretty sure that my environments are even SMALL compared with many others out there, iptables-service is a one-shot thing at startup, low-level this all is netfilter of the kernel so i refuse to understand any sense removing the iptables command and "iptables.service" to replace it for the sake of replacment if your argumentation would be this direction i would say "so why do we not remove XFCE, GNOME whatever because KDE exists"
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
