[CentOS] firewalld being stupid

Tue Nov 17 11:16:00 UTC 2015
Marcelo Ricardo Leitner <marcelo.leitner at gmail.com>

Em 17-11-2015 01:26, Dennis Jacobfeuerborn escreveu:
> On 16.11.2015 22:58, Gordon Messmer wrote:
>> On 11/16/2015 01:39 PM, Nick Bright wrote:
>>> This is very frustrating, and not obvious. If --permanent doesn't work
>>> for a command, then it should give an error - not silently fail
>>> without doing anything!
>>
>> But --permanent *did* work.
>>
>> What you're seeing is the documented behavior:
>>         --permanent
>>             The permanent option --permanent can be used to set options
>>             permanently. These changes are not effective immediately, only
>>             after service restart/reload or system reboot. Without the
>>             --permanent option, a change will only be part of the runtime
>>             configuration.
>>
>>             If you want to make a change in runtime and permanent
>>             configuration, use the same call with and without the
>> --permanent
>>             option.
>
> That's fairly annoying behavior as it creates the potential for
> accidentally diverging configurations.
> Why not do the same as virsh an have two options for this? When I attach
> a device I can specify --config to update the persistent configuration,
> --live to update the runtime configuration and both if I want to change
> both. That's a much better API in my opinion.

It's the same thing but with different names and a default, --config.
And I agree, it would be nice to be able to issue both options at once.
Would you open a BZ asking for this or should I?

   Marcelo