On 8.7.2014 17:25, m.roth@5-cent.us wrote:
Dennis Jacobfeuerborn wrote:
The problem firewalld tries to solve is that nowadays you often want to insert temporary rules that should only be active while a certain application is running. This collides a bit with the way iptables works. For example, libvirt inserts specific rules when you define networks for virtualization dynamically. If you now do an iptables-save, these rules get saved, and on next boot when these rules are restored they exist again, but now libvirt will add them dynamically a second time.
Firewalld is simply a framework built around iptables that allows for applications to "register" rules with additional information such as
And so nothing like, say, fail2ban....
I haven't looked closely at firewalld yet, but in practice it should probably allow making fail2ban functionality more robust and fail2ban-like functionality simpler to implement. Especially as I distinctly remember complaining about problems with fail2ban on the Fedora list. (Granted, I have had very little time lately to read any mailing lists.)
-vpk
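As an added illustration of the runtime-versus-persistent distinction discussed in the thread (this is example code, not from any of the posters or from the firewalld project): a fail2ban-style temporary ban expressed as a firewalld runtime rich rule. The rule is added without `--permanent` and with firewalld's own `--timeout`, so it lives only in firewalld's in-memory state and expires on its own, rather than being captured by `iptables-save` and re-applied at the next boot. The zone name `public`, the 600-second ban length and the address 192.0.2.10 are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread: a temporary ban as a
# firewalld runtime rule. Runtime rules are never written to /etc/firewalld,
# so they cannot be resurrected at boot the way saved iptables rules are.

# Build a firewalld rich rule that drops or rejects traffic from one IPv4
# address. Pure function: prints the rule text, exits non-zero on bad input.
# (The address check is deliberately minimal: digits and dots only.)
rich_rule() {
    addr=$1
    action=${2:-drop}
    case "$addr" in
        ""|*[!0-9.]*)
            echo "rich_rule: invalid IPv4 address: '$addr'" >&2
            return 1 ;;
    esac
    case "$action" in
        drop|reject) ;;
        *)
            echo "rich_rule: action must be drop or reject, got '$action'" >&2
            return 1 ;;
    esac
    printf 'rule family="ipv4" source address="%s" %s\n' "$addr" "$action"
}

# Apply the rule to the runtime configuration only. --timeout (a real
# firewall-cmd option) makes firewalld remove it again after N seconds,
# which is the fail2ban "bantime" behaviour. Zone "public" and the default
# of 600 seconds are assumptions for this example.
apply_temporary_ban() {
    addr=$1
    seconds=${2:-600}
    rule=$(rich_rule "$addr" drop) || return 1
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not available; would run:" >&2
        echo "  firewall-cmd --zone=public --add-rich-rule='$rule' --timeout=$seconds" >&2
        return 2
    fi
    firewall-cmd --zone=public --add-rich-rule="$rule" --timeout="$seconds"
}

# Usage (192.0.2.10 is a constructed sample address):
#   apply_temporary_ban 192.0.2.10 600
```

Because nothing here touches the permanent configuration, a `firewall-cmd --reload` or a reboot starts from the rules in `/etc/firewalld` alone; a ban that should survive a reboot would have to be added a second time with `--permanent`, which is exactly the split that a plain `iptables-save` cannot express.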