Re: Is the current firewall model static?

On Tue, 2011-12-20 at 10:25 +0100, Hansa wrote:
> Hi there,
> Fedora is running a project called firewalld. Firewalld manages the firewall
> dynamically via D-BUS
> ( They say:
> "the current firewall model is static and **every** change requires a
> complete firewall restart. This includes also to unload the firewall
> netfilter kernel modules and to load the modules that are needed for the new
> configuration."
> I would be very surprised if their claim is true. Because that would break
> stateful connections when changing the rules. I'm not familiar with the
> code so I can't comment on that. Hence my question. Is the current firewall
> model static?

I think that what they mean is that the current *Fedora* firewall model
is static. It looks like firewalld still uses iptables, but is slightly
more intelligent as to how it processes changes to rules and so on.

