Re: About F19 Firewall

On 16.09.2013 07:55, P J P wrote:
>    Hello Tomasz,
> 
> ----- Original Message -----
>> From: Tomasz Torcz <tomek@xxxxxxxxxxxxxx>
>> Subject: Re: About F19 Firewall
>>   You seem to have missed this Fedora *18* feature:
>> https://fedoraproject.org/wiki/Features/firewalld-default 
>>   firewall-cmd is supposed to isolate user from all this chains.
> 
> 
>    Yep, true. My contention is not with the tool, but with the complexity it adds to the rules with all the zones and sub-chains and user-space tooling around it. 
> 
> 
>    -> https://fedoraproject.org/wiki/FirewallD
> 
> 
> As I suspected, a zone describes the network one is currently connected to. It could be home, work, public (wifi at a coffee shop), etc. That means one must keep shifting from home to work to home and in between public for the coffee shop. I wonder who's going to do that every day. If they don't, they either don't get to use the network services or are not protected enough. Ex. one always has the 'public' zone rules activated.
> 

Wireless networks have unique "names" and are represented as different
connections in NetworkManager (network connection != interface). For a
network named "MyHomeNet" one can associate the Home zone in NetworkManager,
and for the network "CoffeShowHotSpot" one assigns the Public zone. You don't
have to change anything once it's assigned. The Public zone is, as I
understand it, the strictest but still usable one (the block zone does not allow traffic).
This can also be applied to wired connections.

The reason for all those chains is to allow adding/removing rules without
the need to reload all of them. It's written somewhere on FirewallD's site.
I agree they're harder to understand and maintain manually by a sysadmin,
but they're not designed for such usage.



Mateusz Marzantowicz
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
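The per-connection zone assignment described in the reply above, written out as an added example (not from the thread, nor from the firewalld or NetworkManager projects). It assumes `nmcli` and `firewall-cmd` as shipped on Fedora 18+; the connection names and the mapping are constructed for illustration, and the zone list is firewalld's default set. Zones are bound to the NetworkManager connection (`connection.zone`), so the firewall follows the network you join without anyone having to switch zones by hand.

```shell
#!/bin/sh
# Added example: bind firewalld zones to NetworkManager connections once.
# Constructed mapping "<connection name>=<zone>", one entry per line.
ZONE_MAP='MyHomeNet=home
OfficeLAN=work
CoffeShowHotSpot=public'

# Zones firewalld ships by default; anything else is rejected before we touch nmcli.
KNOWN_ZONES="block dmz drop external home internal public trusted work"

# Return 0 if $1 is one of the known zone names.
zone_is_known() {
    for z in $KNOWN_ZONES; do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# Print the zone mapped to connection $1 (nothing if the connection is unmapped).
zone_for_connection() {
    while IFS='=' read -r name zone; do
        [ "$name" = "$1" ] && printf '%s\n' "$zone"
    done <<EOF
$ZONE_MAP
EOF
}

# Check every mapping entry names a real zone; report the bad ones on stderr.
validate_zone_map() {
    bad=0
    while IFS='=' read -r name zone; do
        [ -n "$name" ] || continue
        if ! zone_is_known "$zone"; then
            printf 'unknown zone "%s" for connection "%s"\n' "$zone" "$name" >&2
            bad=1
        fi
    done <<EOF
$ZONE_MAP
EOF
    return $bad
}

# Dry run: print the nmcli commands that would be applied, one per connection.
render_commands() {
    while IFS='=' read -r name zone; do
        [ -n "$name" ] || continue
        printf "nmcli connection modify '%s' connection.zone %s\n" "$name" "$zone"
    done <<EOF
$ZONE_MAP
EOF
}

# Apply the mapping with nmcli, then show which zones are now active per interface.
apply_zone_map() {
    validate_zone_map || return 1
    if ! command -v nmcli >/dev/null 2>&1; then
        echo "nmcli not found; printing the commands instead" >&2
        render_commands
        return 0
    fi
    while IFS='=' read -r name zone; do
        [ -n "$name" ] || continue
        nmcli connection modify "$name" connection.zone "$zone"
    done <<EOF
$ZONE_MAP
EOF
    # Zones become active as soon as the matching connection is up.
    firewall-cmd --get-active-zones
}

# With no argument print the commands; "apply" runs them (needs root for nmcli/firewall-cmd).
case "${1:-}" in
    apply) apply_zone_map ;;
    "")    render_commands ;;
esac
```

Run without arguments to review the commands first; `apply` then writes the zone onto each connection profile, and `firewall-cmd --get-active-zones` confirms which zone is in force on the interface that is currently up. Because the zone lives in the connection profile, joining "CoffeShowHotSpot" later brings the public rules back automatically.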