On 11.08.2014 15:43, Tom Bishop wrote:
>> You and 4 other guys are moving things from Linux to FreeBSD.
>>
>> The rest of the world is moving things from UNIX and Windows to Linux.
>>
>> CentOS-7 rebuild RHEL sources and most all of the "important" Enterprise
>> Linux things are moving to RHEL.
>>
>> RHEL runs the stock exchanges, the banks, etc.
>>
>> FreeBSD is fine and people can use it if they like ... but if you want
>> real Enterprise grade software, it needs to be RHEL based, that is just
>> the way it is.
>>
>> Keep in mind that EL 7.0 is a 'dot zero release' and some of the
>> features need work. It works for the majority of use cases, but some
>> features will need to be enhanced, and Red Hat will enhance it. When
>> they do, we will build the source code and it will be in CentOS.
>>
>>
>
> I hear you Johnny, I'm a big RH fan, but there are several things that
> they have shifted to in RHEL 7 that just chafe a little.
>
> I am dual hat guy, network and IS and when iptables with firewalld, at
> a minimum I would like the ability to be able to accomplish the same
> things I accomplished with iptables. I read about firewalld the pros
> and cons and I understand the shift and reason.
>
> But I do have heartburn when they call something a "firewall" and you
> cannot drop all the packets. It's not like they didn't know about it
> since I read about it in Fedora and it's not clear if it will be
> addressed. There are lots of use cases where I want to control all of
> the packets coming and going from a box, I see this becoming more so
> moving forward.
>
> Hopefully this will be addressed in a future release, trying to figure
> out where I can go to now and keep up to date with the latest
> firewalld info, just to stay clued in.

While I am also disappointed with firewalld, I think the whole situation
is not as terrible as people claim it is. After all, you can easily go
back to iptables as it was in CentOS 6:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#sec-Using_iptables

It's strange that people threaten to go FreeBSD simply because the
defaults are not to their liking. Not exactly a rational way to look at
things.

Regards,
Dennis
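
The route Dennis points to, sketched as an added example that is not part of the thread: replace firewalld with the iptables service and load a ruleset whose INPUT, FORWARD and OUTPUT chains all default to DROP, which is the control Tom asks for. The function names are hypothetical and the allowed ports are constructed sample values.

```shell
#!/bin/sh
# Added example: default-DROP IPv4 ruleset for the iptables service on EL7.
# Ports below are constructed sample values; adjust them to the host's role.

# Write an iptables-restore ruleset to the file given as $1.
write_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Succeed only if all three built-in filter chains default to DROP.
all_chains_drop() {
    for chain in INPUT FORWARD OUTPUT; do
        grep -q "^:$chain DROP " "$1" || return 1
    done
}

# Swap firewalld for the iptables service (run as root on the EL7 host).
switch_to_iptables() {
    rules=$(mktemp) || return 1
    write_ruleset "$rules" || return 1
    all_chains_drop "$rules" || return 1
    iptables-restore --test < "$rules" || return 1   # parse only, nothing applied
    systemctl stop firewalld || return 1
    systemctl disable firewalld || return 1
    yum -y install iptables-services || return 1
    install -m 600 "$rules" /etc/sysconfig/iptables || return 1
    rm -f "$rules"
    systemctl enable iptables && systemctl start iptables
}
```

Nothing runs until `switch_to_iptables` is called. IPv6 is filtered separately by the ip6tables service from the same package and needs its own ruleset.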