Miloslav Trmač wrote:
> Looking at hour original warning flag: Squeezing every last megabyte
> out of the running system for cloud is a really new thing that we
> haven't historically required. Sure, it would be great to make
> firewalld smaller (and rewriting firewalld to C is one of those things
> that have been promised a long time ago and never happened), but I
> don't really see that as a blocker.
The C rewrite should be treated as a requirement for being considered
anything other than a prototype.
> We'd get the 8-years duplication of init.d/network vs. NetworkManager
> all over again, and I personally strongly want to avoid that (this was
> a third of my FESCo election platform).
Well, I'm not too happy about having 2 ways of doing things either. However,
I really don't see the point of running a Python daemon to dynamically
control something I never change in the first place. Now, sure, firewalld
also does connection tracking and I'd personally have no problems running a
lightweight C daemon to handle that, but why on Earth does it have to be in
Python? And what about the many system administrators using handwritten
rules (see Harald Reindl's reply)? system-config-firewall is a Fedora-
specific UI with limited functionality which it makes sense to replace with
something more flexible, but iptables rules are a long-established cross-
distribution interface, won't firewalld stomp on those rules, by the way it
works?
Kevin Kofler
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
