On Thu, Nov 15, 2012 at 10:10:43AM -0800, Adam Williamson wrote:
> Sure, but the background here was the 'replace vs. augment' question -
> is firewalld actually planned to replace iptables in the long run, or
> are we committed to maintaining iptables as an alternative mechanism? It
> sounds like harald would be happy if the latter is the case.

One approach: firewalld could have a "direct-only" mode. If that mode were
enabled, it'd load a static script from /etc/sysconfig/iptables on
launch, and respond to any commands other than the "direct" API with an "in
direct-only mode" error. Then, firewalld-aware applications could choose to
raise a user error or to go to whatever fallback they have.

-- 
Matthew Miller  ☁☁☁  Fedora Cloud Architect  ☁☁☁  <mat...@fedoraproject.org>
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
