RE: Is the current firewall model static?

["Hansa" <mythtv@xxxxxxxxxx>]

On Wed, 2011-12-21 at 10:27 +0100, Andrew Beverley wrote:
> On Wed, 2011-12-21 at 10:18 +0100, Hansa wrote:
> > > I think that what they mean is that the current *Fedora* firewall model
> > > is static. It looks like firewalld still uses iptables, but is slightly
> > > more intelligent as to how it processes changes to rules and so on.
> >
> > I wasn't aware the firewall model is implemented differently across
> >  different Linux flavors. I thought netfilter implements a packet
> >  filtering framework into the Linux kernel. Shouldn't it work the work
> >  the same on every Linux flavor?
> 
> Once the iptables binary has been called and the rules have been set,
> then yes, it's the same across any flavour of Linux (I guess).
> 
> I meant that the distro's implementation of how the rules are managed is
> different. There are loads of different ways. A quick search on a Ubuntu
> system reveals the following. I'm guessing that all of these use
> iptables, but some are better than others at changing rules "on the
> fly".

So it's all about 'how' the firewall is managed (by which tools that is). Netfilter by itself isn't static. Using iptables you can change the firewall dynamically. Using system-config-firewall you're static.

Thanks for clarifying!
-Hansa

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html