I'm in a similar boat to Neal. I want to look into migrating from IPTables to FirewallD before I'm forced to, but the documentation out there seems to be woefully inadequate so far. As far as I can tell the functionality isn't much better for my needs, but that might just be a symptom of the documentation.

My current situation is that I run a few public facing daemons on a box behind a separate physical firewall that allows the necessary traffic through and blocks the rest. I then use IPTables to provide extensive (several hundred rules' worth) filtering of traffic to the services on the box. I also have a second ruleset that I enable when I am away from home that enables a few other services for external remote access that I keep disabled otherwise, and switch back and forth with "iptables-restore < /etc/sysconfig/{ruleset file}" as required.

I understand what each of the zones does and I've worked out how the rules can be tweaked to support non-standard ports and so on - all the basic stuff is fine. For the life of me, however, I can't figure out how to tell FirewallD about my multiple subnets in some of the zones, to include my lengthy sequences of white/black list rules and several other aspects of the configuration without using "--direct". Furthermore there does not seem to be a way of feeding "--direct" a bunch of rules in a file; it looks like it has to be done line by line, which is going to make management of complex firewall rulesets horrific if so.

So, what am I missing? Is there any recommended way for providing a human editable ruleset file for FirewallD, or are we really back to writing lengthy custom scripts like the early days of IP Chains, only with the added complication of having to parse XML config files?

Some pointers to any further reading than the wiki at fedoraproject.org would be greatly appreciated!

-- 
Andy
The only person to have all his work done by Friday was Robinson Crusoe

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
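One way to keep a human-editable ruleset file and feed it to firewalld in bulk, as an added example that is not part of the thread and not firewalld's own tooling: a small POSIX shell helper (hypothetical, written here) that reads a plain-text rule list and turns each record into the matching `firewall-cmd` invocation. The text format (`direct`, `source`, `service` records) is constructed for this example; the `firewall-cmd` options it emits (`--permanent --direct --add-rule`, `--zone=... --add-source=`, `--zone=... --add-service=`, `--reload`) are real. Generating the commands rather than running them directly lets you review the result before applying it, and a second file (for example the "away from home" set) can be applied the same way.

```shell
#!/bin/sh
# Hypothetical helper (example code, not part of firewalld): convert a
# plain-text rule list into firewall-cmd calls. Printed by default so the
# result can be reviewed; apply_rules_file runs them and reloads.
#
# Rule file format (constructed for this example), one record per line,
# '#' comments and blank lines ignored:
#   direct  <ipv> <table> <chain> <priority> <iptables args...>
#   source  <zone> <cidr>
#   service <zone> <service>

fw_cmds_from_file() {
    # Drop comments and blank lines, then map each record to a command.
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r kind a b c d rest; do
        case "$kind" in
            direct)
                # Direct rules take iptables syntax verbatim after the priority.
                printf 'firewall-cmd --permanent --direct --add-rule %s %s %s %s %s\n' \
                    "$a" "$b" "$c" "$d" "$rest" ;;
            source)
                # Bind a subnet to a zone; repeat for each subnet in that zone.
                printf 'firewall-cmd --permanent --zone=%s --add-source=%s\n' "$a" "$b" ;;
            service)
                printf 'firewall-cmd --permanent --zone=%s --add-service=%s\n' "$a" "$b" ;;
            *)
                # Emit a command that reports the bad record instead of silently skipping it.
                printf 'echo "unknown rule kind: %s" >&2; false\n' "$kind" ;;
        esac
    done
}

# Apply the generated commands, stopping at the first failure, then reload
# so the permanent configuration becomes the running one.
apply_rules_file() {
    fw_cmds_from_file "$1" | sh -e && firewall-cmd --reload
}

# Review mode: print the commands for a given file.
# Usage: sh fwrules.sh /etc/sysconfig/fw-rules.txt
if [ -n "$1" ]; then
    fw_cmds_from_file "$1"
fi
```

Because these are `--permanent` changes, nothing takes effect until `firewall-cmd --reload`, which is why `apply_rules_file` runs it last. firewalld also stores permanent direct rules itself in `/etc/firewalld/direct.xml`, which is editable by hand if you prefer one file over generated commands.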