
Linux Gets Dynamic Firewalls In Fedora 15

Posted by Soulskill
from the changing-on-the-fly dept.
darthcamaro writes "Linux users have long relied on iptables for in-distro firewall setup. The upcoming Fedora 15 release changes that and introduces us to new dynamic firewall technology. 'Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall,' Fedora Project Leader Jared Smith said. 'Fedora 15 is really the first mainstream operating system to have a dynamic firewall where you can add or change rules and keep the firewall up and responding while you're making changes.'"

  • Re:reloading? (Score:2, Interesting)

    by LordHatrus (763508) <slashdot AT clockfort DOT com> on Saturday May 21, 2011 @06:08PM (#36204592) Homepage
    I believe what they're trying to say is that it's more akin to the Windows world of things - "Hey, this apache-thing is trying to bind to port 80... do you want to let it through the firewall?"
  • Seriously? (Score:3, Interesting)

    by The O Rly Factor (1977536) on Saturday May 21, 2011 @06:10PM (#36204606)
    /sbin/service iptables save
    /sbin/service iptables restart

    You really CAN'T take the time out of your day to type that?
  • Re:WTF?? (Score:5, Interesting)

    by miknix (1047580) on Saturday May 21, 2011 @06:32PM (#36204746) Homepage

    Most Linux systems use IP tables type firewalls and the problem is that if you want to make a change to the firewall, it's hard to modify on the fly without reloading the entire firewall

    Can someone please explain to me what's wrong with appending and deleting a firewall rule:

    $ iptables -A INPUT -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
    $ iptables -D INPUT 2

    where on earth does this need iptables to be restarted?

    if we want to save the firewall state:

    $ iptables-save > /root/ipt.state

    where /root/ipt.state is just a human readable file

    and then load the firewall state:

    $ iptables-restore < /root/ipt.state

    AFAIK this is not "restarting" iptables, just replacing the entire ruleset in one shot.
    Again, WTF?
