Linux Gets Dynamic Firewalls In Fedora 15 176
darthcamaro writes "Linux users have long relied on iptables for in-distro firewall setup. The upcoming Fedora 15 release changes that and introduces us to new dynamic firewall technology. 'Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall,' Fedora Project Leader Jared Smith said. 'Fedora 15 is really the first mainstream operating system to have a dynamic firewall where you can add or change rules and keep the firewall up and responding while you're making changes.'"
Re:reloading? (Score:2, Interesting)
Seriously? (Score:3, Interesting)
You really CAN'T take the time out of your day to type that?
Re:WTF?? (Score:5, Interesting)
Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall
Can please someone explain me what's wrong with appending and deleting a firewall rule:
$ iptables -A INPUT -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
$ iptables -D INPUT 2
where on earth does this need iptables to be restarted?
if we want to save the firewall state:
/root/ipt.state
$ iptables-save >
where /root/ipt.state is just a human readable file
and then load the firewall state:
/root/ipt.state
$ iptables-restre <
AFAIK this is not "restarting" iptables, just replacing the entire ruleset in one shot.
Again, WTF?