On Wed, 2011-12-21 at 10:27 +0100, Andrew Beverley wrote:
> On Wed, 2011-12-21 at 10:18 +0100, Hansa wrote:
> > > I think that what they mean is that the current *Fedora* firewall model
> > > is static. It looks like firewalld still uses iptables, but is slightly
> > > more intelligent as to how it processes changes to rules and so on.
> >
> > I wasn't aware the firewall model is implemented differently across
> > different Linux flavors. I thought netfilter implements a packet
> > filtering framework into the Linux kernel. Shouldn't it work the same
> > on every Linux flavor?
>
> Once the iptables binary has been called and the rules have been set,
> then yes, it's the same across any flavour of Linux (I guess).
>
> I meant that the distro's implementation of how the rules are managed is
> different. There are loads of different ways. A quick search on a Ubuntu
> system reveals the following. I'm guessing that all of these use
> iptables, but some are better than others at changing rules "on the
> fly".

So it's all about 'how' the firewall is managed (by which tools, that is).
Netfilter by itself isn't static. Using iptables you can change the
firewall dynamically. Using system-config-firewall you're static.

Thanks for clarifying!

-Hansa