On 8/11/2014 12:53 PM, Matthew Miller wrote:
On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
FirewallD just builds and modifies iptables rules.
Why do I need more complexity together with more learning time and more effort and conversion of existing rules? IP Tables works fine. Absolutely no complaints.
Do you run virtual machines on any of your systems? The required dynamic rules are the primary use case it solves very well. It also works as a desktop firewall somewhat less ideally. Since it has an API, it may someday be a full-featured dynamic server firewall. But, otherwise, it's probably not what you want for anything complicated -- and mostly harmless for anything simple.
It could be argued that restrictive SELinux rules are a better 'outbound' firewall than anything port based.