Red Hat Software Security Linux

Linux Gets Dynamic Firewalls In Fedora 15

darthcamaro writes "Linux users have long relied on iptables for in-distro firewall setup. The upcoming Fedora 15 release changes that and introduces us to new dynamic firewall technology. 'Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall,' Fedora Project Leader Jared Smith said. 'Fedora 15 is really the first mainstream operating system to have a dynamic firewall where you can add or change rules and keep the firewall up and responding while you're making changes.'"
This discussion has been archived. No new comments can be posted.

  • Re:reloading? (Score:2, Interesting)

    by LordHatrus ( 763508 ) <slashdot@clockf[ ].com ['ort' in gap]> on Saturday May 21, 2011 @06:08PM (#36204592) Homepage
    I believe what they're trying to say is that it's more akin to the Windows world of things - "Hey, this apache-thing is trying to bind to port 80... do you want to let it through the firewall?"
  • Seriously? (Score:3, Interesting)

    by The O Rly Factor ( 1977536 ) on Saturday May 21, 2011 @06:10PM (#36204606)
    /sbin/service iptables save
    /sbin/service iptables restart

    You really CAN'T take the time out of your day to type that?
  • Re:WTF?? (Score:5, Interesting)

    by miknix ( 1047580 ) on Saturday May 21, 2011 @06:32PM (#36204746) Homepage

    Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall

    Can someone please explain to me what's wrong with appending and deleting a firewall rule:

    $ iptables -A INPUT -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
    $ iptables -D INPUT 2

    where on earth does this need iptables to be restarted?

    if we want to save the firewall state:

    $ iptables-save > /root/ipt.state

    where /root/ipt.state is just a human readable file

    and then load the firewall state:

    $ iptables-restore < /root/ipt.state

    AFAIK this is not "restarting" iptables, just replacing the entire ruleset in one shot.
    Again, WTF?
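
The save, edit and reload workflow from the comment above, as an added example that is not part of the original thread: a rule is staged in the saved text and the whole ruleset is then loaded in one shot. The function names `sample_ruleset` and `add_rule`, the file `/root/ipt.new` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: stage a rule in iptables-save text for a one-shot reload.

# Constructed sample of iptables-save output (not taken from a real host).
sample_ruleset() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# add_rule TABLE RULE: read a saved ruleset on stdin and write it to stdout
# with RULE placed just before TABLE's COMMIT line. The text is left
# unchanged if RULE is already in that table; exit status is 1 if TABLE
# does not appear in the input.
add_rule() {
    awk -v table="*$1" -v rule="$2" '
        /^\*/ { in_table = ($0 == table); if (in_table) found = 1 }
        in_table && $0 == rule { present = 1 }
        in_table && $0 == "COMMIT" { if (!present) print rule; in_table = 0 }
        { print }
        END { exit (found ? 0 : 1) }
    '
}

# On a live host (needs root, so shown as comments only):
#   iptables-save > /root/ipt.state
#   add_rule filter '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' \
#       < /root/ipt.state > /root/ipt.new
#   iptables-restore --test < /root/ipt.new && iptables-restore < /root/ipt.new

# Offline demonstration on the constructed sample.
sample_ruleset | add_rule filter '-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'
```

`iptables-restore --test` parses the staged file without committing it, so a syntax error is caught before the running ruleset is replaced.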
