On 8/11/2014 12:53 PM, Matthew Miller wrote:
> On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
>>> FirewallD just builds and modifies iptables rules.
>> Why do I need more complexity together with more learning time and more
>> effort and conversion of existing rules ? IP Tables works fine.
>> Absolutely no complaints.
> Do you run virtual machines on any of your systems? The required dynamic
> rules are the primary use case it solves very well. It also works as a
> desktop firewall somewhat less ideally. Since it has an API, it may someday
> be a full-featured dynamic server firewall. But, otherwise, it's probably
> not what you want for anything complicated -- and mostly harmless for
> anything simple.

it could be argued that restrictive selinux rules are a better 'outbound'
firewall than anything port based.

--
john r pierce 37N 122W
somewhere on the middle of the left coast