On Tue, 2011-12-20 at 10:25 +0100, Hansa wrote:
> Hi there,
>
> Fedora is running a project called firewalld. Firewalld manages the firewall
> dynamically via D-BUS
> (http://fedoraproject.org/wiki/FirewallD/#Why_A_Firewall_Daemon). They say:
> "the current firewall model is static and **every** change requires a
> complete firewall restart. This includes also to unload the firewall
> netfilter kernel modules and to load the modules that are needed for the new
> configuration."
>
> I would be very surprised if their claim is true. Because that would break
> stateful connections when changing the rules. I'm not familiar with the
> code so I can't comment on that. Hence my question. Is the current firewall
> model static?

I think that what they mean is that the current *Fedora* firewall model is static. It looks like firewalld still uses iptables, but is slightly more intelligent as to how it processes changes to rules and so on.

Andy