Re: Is the current firewall model static?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On Tue, 2011-12-20 at 10:25 +0100, Hansa wrote:
> Hi there,
> 
> Fedora is running a project called firewalld. Firewalld manages the firewall
> dynamically via D-BUS
> (http://fedoraproject.org/wiki/FirewallD/#Why_A_Firewall_Daemon). They say:
> "the current firewall model is static and **every** change requires a
> complete firewall restart. This includes also to unload the firewall
> netfilter kernel modules and to load the modules that are needed for the new
> configuration."
> 
> I would be very surprised if their claim is true. Because that would break
> statefull connections when changing the rules. I'm not familiar with the
> code so I can't comment on that. Hence my question. Is the current firewall
> model static?

I think that what they mean is that the current *Fedora* firewall model
is static. It looks like firewalld still uses iptables, but is slightly
more intelligent as to how it processes changes to rules and so on.

Andy


--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Linux Netfilter Development]     [Linux Kernel Networking Development]     [Linux Networking Development]     [Linux Kernel Development]     [Linux Resources]     [LARTC]     [Bugtraq]     [Consulting]     [Free Internet Dating]     [Yosemite Forum]     [Photo]

Add to Google Powered by Linux