On 08/12/2014 07:25 AM, Always Learning wrote:
> On Mon, 2014-08-11 at 14:36 -0400, Jonathan Billings wrote:
>> 'FirewallD' doesn't replace 'iptables' except in the sense of activated system services
> I just love using sv ipt ... (my abbreviations for service iptables). Not keen on another 'service' duplicating my manual and automated efforts.
>> FirewallD just builds and modifies iptables rules.
> Why do I need more complexity together with more learning time and more effort and conversion of existing rules? iptables works fine. Absolutely no complaints.
>> If anything, FirewallD might make it easier to migrate to nftables (a potential replacement for iptables) when that becomes mature[1].
> Think I would prefer to use the nftables without a Lindoze wrapper.
I think all the various folk that have learned to manage iptables have forgotten the pain and arcane syntax and gotchas that trap you when you first start. So now you have your favourite script that "just works" and you do not want to change.
Fine, that is an option available to you - take the option and move on. For others, those new to Linux, and many that use things like webmin, the new firewalld may be an adequate solution. Sure it feels a little windoze-like, but please give it a rest.
For better or otherwise the CentOS upstream provider has made a change, and thus that is the new world for any that want CentOS-7. It is a done deal. Perfect? Unlikely. I for one have seldom needed or put in place an outgoing firewall; in fact I cannot recall ever needing to. I have set up dozens of servers on multiple continents and always have an incoming firewall in place, along with selinux enforcing (since CentOS-6).
Will shortly start installing CentOS-7; thus far I have only done a live boot of the gnome and kde disks to have a look, and look forward to seeing how it plays.
Would appreciate more constructive posts on the list - please.
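The point quoted above, that firewalld only generates iptables rules, and the incoming-only policy the reply describes, written out both ways as an added example (not from anyone on the thread; the port list and the zone name are constructed sample values):

```shell
#!/bin/sh
# Added example: one incoming-only firewall policy expressed as raw iptables
# commands and as the firewall-cmd calls that make firewalld emit the same
# kind of rules. Ports and zone are sample values, not taken from the thread.

# Raw iptables: INPUT defaults to DROP, OUTPUT stays ACCEPT (no outgoing
# filtering), loopback and established traffic pass, listed TCP ports open.
iptables_rules() {
    ports=$1
    printf '%s\n' \
        'iptables -P INPUT DROP' \
        'iptables -P FORWARD DROP' \
        'iptables -P OUTPUT ACCEPT' \
        'iptables -A INPUT -i lo -j ACCEPT' \
        'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$p"
    done
}

# Same policy via firewalld: a zone already drops unsolicited inbound traffic
# and leaves outbound alone, so only the open ports need stating. "public" is
# assumed here as the zone name; the rules land in iptables after --reload.
firewalld_rules() {
    ports=$1
    zone=${2:-public}
    for p in $ports; do
        printf 'firewall-cmd --permanent --zone=%s --add-port=%s/tcp\n' "$zone" "$p"
    done
    echo 'firewall-cmd --reload'
}

# Number of inbound ACCEPT rules for new connections: one per listed port,
# a quick check that nothing beyond the allowlist was opened.
open_port_count() {
    iptables_rules "$1" | grep -c -- '--ctstate NEW'
}

# Usage: print both forms for ssh and http (sample ports).
iptables_rules "22 80"
firewalld_rules "22 80"
```

Running `iptables -S` after `firewall-cmd --reload` shows the generated chains next to any hand-written rules, which is why mixing a personal iptables script with firewalld on the same host leads to the duplication complained about in the thread.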