[CentOS] C7, firewalld and rich rules

Thu Jan 31 22:14:16 UTC 2019
Warren Young <warren at etr-usa.com>

On Jan 31, 2019, at 11:12 AM, mark <m.roth at 5-cent.us> wrote:
> Why would *ANYONE* think that everyone should just start from scratch,
> taking all the time in the world to get it converted?

If the conversion were simple enough to be easily automated, the new system is probably no more than just a syntactic difference away from the old, and thus does not provide any interesting new functionality or change in existing functionality.

It’s much the same as asking why there aren’t automatic programming language conversion tools: we wouldn’t need more than one programming language if they all mapped 1:1 to each other, short of going down to the machine code level and back up the technology stack.

Pretty much all the other major competing OSes have had at least one incompatible shift in their firewall implementations over the years, even that supposed bastion of ultimate stability, FreeBSD.  I take that as a sign that those designing firewall schemes in the early 1990s didn’t have magical levels of foresight when doing their work, so that replacements had to be incompatible to provide the functionality we now expect.