Le jeudi 15 novembre 2012 à 09:06 -0800, Adam Williamson a écrit :
On Thu, 2012-11-15 at 14:48 +0100, Reindl Harald wrote:
Am 15.11.2012 13:33, schrieb Michael Scherer:
Le jeudi 15 novembre 2012 à 03:23 +0100, Kevin Kofler a écrit :
iptables rules are a long-established cross-
On Thu, Nov 15, 2012 at 3:23 AM, Kevin Kofler kevin.kof...@chello.at wrote:
And what about the many system administrators using handwritten
rules (see Harald Reindl's reply)?
There is a --direct option that is supposed to provide a
compatibility/escape mechanism with full iptables functionality
Le jeudi 15 novembre 2012 à 03:23 +0100, Kevin Kofler a écrit :
iptables rules are a long-established cross-
distribution interface
Not really. For example, ubuntu use ufw, mandriva used shorewall. Debian
offered several frontend, but IIRC, didn't use one by default.
And I have worked as
Am 15.11.2012 13:33, schrieb Michael Scherer:
Le jeudi 15 novembre 2012 à 03:23 +0100, Kevin Kofler a écrit :
iptables rules are a long-established cross-
distribution interface
Not really. For example, ubuntu use ufw, mandriva used shorewall. Debian
offered several frontend, but IIRC,
On Thu, 2012-11-15 at 14:48 +0100, Reindl Harald wrote:
Am 15.11.2012 13:33, schrieb Michael Scherer:
Le jeudi 15 novembre 2012 à 03:23 +0100, Kevin Kofler a écrit :
iptables rules are a long-established cross-
distribution interface
Not really. For example, ubuntu use ufw, mandriva
Am 15.11.2012 18:06, schrieb Adam Williamson:
On Thu, 2012-11-15 at 14:48 +0100, Reindl Harald wrote:
Am 15.11.2012 13:33, schrieb Michael Scherer:
Not really. For example, ubuntu use ufw, mandriva used shorewall. Debian
offered several frontend, but IIRC, didn't use one by default
and
On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 18:06, schrieb Adam Williamson:
Right. I hate to say it, but Harald is correct here: AFAIK, all those
and other firewall configuration mechanisms were ultimately just
UI/abstraction layers wrapped around
On Thu, 2012-11-15 at 19:02 +0100, Miloslav Trmač wrote:
On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 18:06, schrieb Adam Williamson:
Right. I hate to say it, but Harald is correct here: AFAIK, all those
and other firewall configuration
On Thu, Nov 15, 2012 at 7:10 PM, Adam Williamson awill...@redhat.com wrote:
On Thu, 2012-11-15 at 19:02 +0100, Miloslav Trmač wrote:
On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald h.rei...@thelounge.net
wrote:
Am 15.11.2012 18:06, schrieb Adam Williamson:
Right. I hate to say it, but
On Thu, Nov 15, 2012 at 10:10:43AM -0800, Adam Williamson wrote:
Sure, but the background here was the 'replace vs. augment' question -
is firewalld actually planned to replace iptables in the long run, or
are we committed to maintaining iptables as an alternative mechanism? It
sounds like
Am 15.11.2012 19:02, schrieb Miloslav Trmač:
On Thu, Nov 15, 2012 at 6:16 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 18:06, schrieb Adam Williamson:
Right. I hate to say it, but Harald is correct here: AFAIK, all those
and other firewall configuration mechanisms were
Am 15.11.2012 19:16, schrieb Miloslav Trmač:
(as far as I understand the situation:) iptables as a kernel
interface and a low-level command will exist, but applications will
expect the existence of the firewalld D-Bus service (as opposed to the
system-config-firewall D-Bus service, at
On Thu, Nov 15, 2012 at 7:08 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 19:02, schrieb Miloslav Trmač:
It would be very helpful for judging the maturity/suitability of
firewalld if you could try converting your iptables script to
firewall-cmd --direct (which, at least I
Am 15.11.2012 19:27, schrieb Miloslav Trmač:
On Thu, Nov 15, 2012 at 7:08 PM, Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 19:02, schrieb Miloslav Trmač:
It would be very helpful for judging the maturity/suitability of
firewalld if you could try converting your iptables script
On Thu, 15 Nov 2012 19:30:27 +0100
Reindl Harald h.rei...@thelounge.net wrote:
Am 15.11.2012 19:27, schrieb Miloslav Trmač:
On Thu, Nov 15, 2012 at 7:08 PM, Reindl Harald
h.rei...@thelounge.net wrote:
Am 15.11.2012 19:02, schrieb Miloslav Trmač:
It would be very helpful for judging the
Am 15.11.2012 19:37, schrieb Kevin Fenzi:
Have you actually _tried_? It's supposed to be as easy as
s/iptables/firewall-cmd --direct --passthrough ipv4/
I don't know for a fact whether it is good enough. You seem to
have a script that could tell us.
i posted a script realier this day as
On Thu, 2012-11-15 at 19:46 +0100, Reindl Harald wrote:
Am 15.11.2012 19:37, schrieb Kevin Fenzi:
Have you actually _tried_? It's supposed to be as easy as
s/iptables/firewall-cmd --direct --passthrough ipv4/
I don't know for a fact whether it is good enough. You seem to
have a
Am 15.11.2012 19:58, schrieb Adam Williamson:
I don't think anyone asked you to do any of those things. Fedora
obviously does not have the power to replace iptables with firewalld on
your router, so the question is not 'can you replace iptables with
firewalld on everything in your network
On Wed, Nov 14, 2012 at 2:35 AM, Matthew Miller
mat...@fedoraproject.org wrote:
Well. I may be a little bit cynical on this, but I think the unsteered drift
of this kind of thing goes like this:
1. Shiny new feature covers the desktop case, so let's make it the default
in Fedora.
2. Don't
On Wed, Nov 14, 2012 at 11:34:56AM +0100, Miloslav Trmač wrote:
AFAIK the major things for our usual use cases are covered, at least
going by the F17 criteria. Sure, there may be more things missing.
Adam asked to keep those other things to the other thread, so I'll just
touch on the
Am 14.11.2012 01:52, schrieb Adam Williamson:
I don't think that maintaining iptables/s-c-f forever as a 'lightweight
alternative' to firewalld is the way to go
IT IS the way to go!
not as default, not supported via GUI is OK
but iptables.service and configuration with shellscripts is what
Miloslav Trmač wrote:
Looking at hour original warning flag: Squeezing every last megabyte
out of the running system for cloud is a really new thing that we
haven't historically required. Sure, it would be great to make
firewalld smaller (and rewriting firewalld to C is one of those things
On Sat, 2012-11-10 at 14:40 -0500, Matthew Miller wrote:
On Sat, Nov 10, 2012 at 11:15:31AM -0700, Stephen John Smoogen wrote:
is entirely irrelevant. To achieve the above, we don't need to make sure
that the default configuration leaves port 22 open when firewalld is
installed, but that
On Tue, Nov 13, 2012 at 04:31:46PM -0800, Adam Williamson wrote:
Well with firewalld not installed and no iptables configs.. I would
believe that the default would be everything open... unless some other
This is indeed the case.
And that's clearly not what we want. I thought it kind of
On Tue, 2012-11-13 at 19:44 -0500, Matthew Miller wrote:
On Tue, Nov 13, 2012 at 04:31:46PM -0800, Adam Williamson wrote:
Well with firewalld not installed and no iptables configs.. I would
believe that the default would be everything open... unless some other
This is indeed the case.
On Tue, Nov 13, 2012 at 04:52:47PM -0800, Adam Williamson wrote:
Well, sure, but you seem to be drifting the discussion a bit (or I did,
I've been out of town for the weekend, it gets confusing). As I recall
things, the basic goal we were working towards in this thread was the
reduction of the
On Tue, 2012-11-13 at 20:35 -0500, Matthew Miller wrote:
like that. Someone else might want to advocate that, but I'm not. Since
I now figured out to my own satisfaction that we can't just ditch
firewalld from the minimal install, the focus in the context of this
goal should be on
On 9 November 2012 18:46, Adam Williamson awill...@redhat.com wrote:
On Fri, 2012-11-09 at 20:39 -0500, Matthew Miller wrote:
On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
it maybe doesn't actually need to be). So perhaps we should change
firewalld to default to opening
On Sat, Nov 10, 2012 at 11:15:31AM -0700, Stephen John Smoogen wrote:
is entirely irrelevant. To achieve the above, we don't need to make sure
that the default configuration leaves port 22 open when firewalld is
installed, but that the default configuration leaves port 22 open when
On Thu, 2012-11-08 at 14:18 -0500, Bill Nottingham wrote:
FYI, re: firewalld minimal install.
firewalld isn't in the minimal comps groups. However, it's pulled in
by anaconda, see pyanaconda/install.py:
# anaconda requires storage packages in order to make sure the target
#
On Fri, Nov 09, 2012 at 07:12:50AM -0500, Matthias Clasen wrote:
firewalld isn't in the minimal comps groups. However, it's pulled in
by anaconda, see pyanaconda/install.py:
# anaconda requires storage packages in order to make sure the target
# system is bootable and configurable,
On 11/09/2012 01:34 PM, Matthew Miller wrote:
On Fri, Nov 09, 2012 at 07:12:50AM -0500, Matthias Clasen wrote:
firewalld isn't in the minimal comps groups. However, it's pulled in
by anaconda, see pyanaconda/install.py:
# anaconda requires storage packages in order to make sure the target
On Fri, Nov 09, 2012 at 01:41:08PM +, Jóhann B. Guðmundsson wrote:
You might want to remove plymouth from the minimal install since it
does not make sense having it there anyway
Yes probably. Anyone know why it's there?
I'm starting to think that a dedicated list for the minimal core sig
On Fri, 9 Nov 2012 08:53:19 -0500
Matthew Miller mat...@fedoraproject.org wrote:
On Fri, Nov 09, 2012 at 01:41:08PM +, Jóhann B. Guðmundsson
wrote:
You might want to remove plymouth from the minimal install since it
does not make sense having it there anyway
Yes probably. Anyone know
On Fri, Nov 09, 2012 at 09:16:24AM -0700, Kevin Fenzi wrote:
Yes probably. Anyone know why it's there?
IIRC, even if you 'disable' it, plymouth is still the thing handing the
text mode output. Perhaps some plymouth folks would chime in here...
I removed it from my test vm with no apparent
On Fri, 9 Nov 2012 11:20:08 -0500
Matthew Miller mat...@fedoraproject.org wrote:
On Fri, Nov 09, 2012 at 09:16:24AM -0700, Kevin Fenzi wrote:
Yes probably. Anyone know why it's there?
IIRC, even if you 'disable' it, plymouth is still the thing handing
the text mode output. Perhaps some
Le Ven 9 novembre 2012 17:35, Kevin Fenzi a écrit :
On Fri, 9 Nov 2012 11:20:08 -0500
Matthew Miller mat...@fedoraproject.org wrote:
On Fri, Nov 09, 2012 at 09:16:24AM -0700, Kevin Fenzi wrote:
Yes probably. Anyone know why it's there?
IIRC, even if you 'disable' it, plymouth is still
Jóhann B. Guðmundsson (johan...@gmail.com) said:
The storage packages are going to be needed for the system to boot.
Anaconda could probably add some smarts to remove authconfig if it wasn't
pulled in by anything in the selected comps, but I'm not sure it'd be worth
the special logic -- we
On Fri, 09.11.12 08:53, Matthew Miller (mat...@fedoraproject.org) wrote:
On Fri, Nov 09, 2012 at 01:41:08PM +, Jóhann B. Guðmundsson wrote:
You might want to remove plymouth from the minimal install since it
does not make sense having it there anyway
Yes probably. Anyone know why it's
Am 09.11.2012 17:35, schrieb Kevin Fenzi:
On Fri, 9 Nov 2012 11:20:08 -0500
Matthew Miller mat...@fedoraproject.org wrote:
On Fri, Nov 09, 2012 at 09:16:24AM -0700, Kevin Fenzi wrote:
Yes probably. Anyone know why it's there?
IIRC, even if you 'disable' it, plymouth is still the thing
On Fri, 2012-11-09 at 07:12 -0500, Matthias Clasen wrote:
On Thu, 2012-11-08 at 14:18 -0500, Bill Nottingham wrote:
FYI, re: firewalld minimal install.
firewalld isn't in the minimal comps groups. However, it's pulled in
by anaconda, see pyanaconda/install.py:
# anaconda
On Fri, 2012-11-09 at 15:06 -0800, Adam Williamson wrote:
Right now it seems like anaconda actually just throws firewalld into the
target package set in absolutely all cases, like it does with
authconfig, which I think is wrong. As the above makes clear, it only
really makes sense to use
On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
it maybe doesn't actually need to be). So perhaps we should change
firewalld to default to opening port 22.
+1, even having read the rest of this message.
Same with iptables if firewalld is not installed by default.
--
On Fri, 2012-11-09 at 20:39 -0500, Matthew Miller wrote:
On Fri, Nov 09, 2012 at 03:24:02PM -0800, Adam Williamson wrote:
it maybe doesn't actually need to be). So perhaps we should change
firewalld to default to opening port 22.
+1, even having read the rest of this message.
Same
On Thu, Nov 8, 2012 at 4:35 AM, Matthew Miller mat...@fedoraproject.org wrote:
On Wed, Nov 07, 2012 at 07:56:30PM -0800, Adam Williamson wrote:
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed to be in minimal. I'm sure twoerner would
welcome help in
On Thu, Nov 08, 2012 at 06:47:58AM +, Peter Robinson wrote:
Maybe we could have a release criterion which states that the minimal
install doesn't have anything which pulls in the X libraries (or Wayland)?
That's not a _completely_ arbitrary line in the sand. Probably the issue
here is
Matthew Miller (mat...@fedoraproject.org) said:
On Wed, Nov 07, 2012 at 07:56:30PM -0800, Adam Williamson wrote:
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed to be in minimal. I'm sure twoerner would
welcome help in pruning the deps if it's
Adam Williamson (awill...@redhat.com) said:
In case anyone noticed minimal install got rather bigger between Alpha
and Beta - I did too. And I finally got around to figuring out why and
filing a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=874378
long story short, it's firewalld. Its
On 11/08/2012 06:37 PM, Bill Nottingham wrote:
Matthew Miller (mat...@fedoraproject.org) said:
On Wed, Nov 07, 2012 at 07:56:30PM -0800, Adam Williamson wrote:
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed to be in minimal. I'm sure twoerner would
On Thu, Nov 08, 2012 at 02:18:09PM -0500, Bill Nottingham wrote:
firewalld isn't in the minimal comps groups. However, it's pulled in
by anaconda, see pyanaconda/install.py:
# anaconda requires storage packages in order to make sure the target
# system is bootable and configurable, and
In case anyone noticed minimal install got rather bigger between Alpha
and Beta - I did too. And I finally got around to figuring out why and
filing a bug:
https://bugzilla.redhat.com/show_bug.cgi?id=874378
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed
On Wed, Nov 07, 2012 at 07:56:30PM -0800, Adam Williamson wrote:
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed to be in minimal. I'm sure twoerner would
welcome help in pruning the deps if it's possible. it should at least be
possible for it not to
52 matches
Mail list logo