On 8.7.2014 17:25, m.roth at 5-cent.us wrote:
> Dennis Jacobfeuerborn wrote:
>> The problem firewalld tries to solve is that nowadays you often want to
>> insert temporary rules that should only be active while a certain
>> application is running. This collides a bit with the way iptables works.
>> For example libvirt inserts specific rules when you define networks for
>> virtualization dynamically. If you now do an iptables-save these rules
>> get saved, and on next boot when these rules are restored they exist again,
>> but now libvirt will add them dynamically a second time.
>>
>> Firewalld is simply a framework built around iptables that allows for
>> applications to "register" rules with additional information such as
> And so nothing like, say, fail2ban....

I haven't looked closely at firewalld yet, but in practice it should probably allow making fail2ban functionality more robust and fail2ban-like functionality simpler to implement. Especially as I distinctly remember complaining of problems with fail2ban on the Fedora list. (Granted, I have had very little time lately to read any mailing lists.)

-vpk