
Linux Gets Dynamic Firewalls In Fedora 15

Posted by Soulskill
from the changing-on-the-fly dept.
darthcamaro writes "Linux users have long relied on iptables for in-distro firewall setup. The upcoming Fedora 15 release changes that and introduces us to new dynamic firewall technology. 'Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall,' Fedora Project Leader Jared Smith said. 'Fedora 15 is really the first mainstream operating system to have a dynamic firewall where you can add or change rules and keep the firewall up and responding while you're making changes.'"

  • Re:reloading? (Score:2, Interesting)

    by LordHatrus (763508) <slashdotNO@SPAMclockfort.com> on Saturday May 21, 2011 @06:08PM (#36204592) Homepage
    I believe what they're trying to say is that it's more akin to the Windows world of things - "Hey, this apache-thing is trying to bind to port 80... do you want to let it through the firewall?"
  • Seriously? (Score:3, Interesting)

    by The O Rly Factor (1977536) on Saturday May 21, 2011 @06:10PM (#36204606)
    /sbin/service iptables save
    /sbin/service iptables restart

    You really CAN'T take the time out of your day to type that?
  • Re:WTF?? (Score:5, Interesting)

    by miknix (1047580) on Saturday May 21, 2011 @06:32PM (#36204746) Homepage

    Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall

    Can someone please explain to me what's wrong with appending and deleting a firewall rule:

    $ iptables -A INPUT -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
    $ iptables -D INPUT 2

    where on earth does this need iptables to be restarted?

    if we want to save the firewall state:

    $ iptables-save > /root/ipt.state

    where /root/ipt.state is just a human readable file

    and then load the firewall state:

    $ iptables-restore < /root/ipt.state

    AFAIK this is not "restarting" iptables, just replacing the entire ruleset in one shot.
    Again, WTF?
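
An added example, not part of the original thread: a shell helper that compares two `iptables-save` dumps and lists the rule and policy changes a one-shot `iptables-restore` of the second file would make, so the change can be reviewed before it is loaded. The function names `normalize` and `ruleset_delta` and both sample dumps are constructed for illustration.

```shell
# Added example: list the rule changes that loading a second iptables-save
# dump with iptables-restore would make, ignoring counters and timestamps.
normalize() {
    awk '
        /^#/ || /^COMMIT/ { next }
        /^\*/ { table = substr($0, 2); next }      # "*filter" opens a table
        { sub(/^\[[0-9]+:[0-9]+\] /, "")           # rule counters from "-c"
          sub(/ \[[0-9]+:[0-9]+\]$/, "") }         # counters on ":CHAIN POLICY"
        NF { print table " " $0 }                  # keep the table with each line
    ' "$1"
}

# ruleset_delta OLD NEW: "-" lines are removed by NEW, "+" lines are added.
# diff keeps order significant, so a moved rule shows up as "-" plus "+".
ruleset_delta() {
    old=$(mktemp); new=$(mktemp)
    normalize "$1" > "$old"; normalize "$2" > "$new"
    diff "$old" "$new" | sed -n -e 's/^< /- /p' -e 's/^> /+ /p'
    rm -f "$old" "$new"
}

# Constructed sample dumps (not taken from a real host).
SAMPLE_DIR=$(mktemp -d); trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/before.rules" <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [10:600]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [55:4200]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$SAMPLE_DIR/after.rules" <<'EOF'
*filter
:INPUT DROP [31:1904]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:7100]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF

ruleset_delta "$SAMPLE_DIR/before.rules" "$SAMPLE_DIR/after.rules"
```

On a live host the first file would come from `iptables-save`, and `iptables-restore --test` parses a candidate file without committing it.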
