Date: Tue, 30 Dec 2014 19:54:10 -0700
On 12/30/2014 04:02 PM, Peter Boy wrote:
>> On 30.12.2014 at 12:17, Karel Lang AFD wrote:
>>
>> Hi,
>> I already installed a couple of SL7 boxes and I have to say that the mentioned 'firewalld' is the new feature that I like the least.
>>
>> What I do is, I just remove 'firewalld' and install 'iptables'. There I know what to do and there I could help you. But not with this.
>> Firewalld is ugly (imho).
>>
>
>
> I agree that firewalld by far is not the best feature of EL7, at least at the moment. And reading the maintainer’s comment on TUV bugzilla about firewall zone being a matter of NetworkManager and not of firewall I doubt the concept behind that implementation.
>
> I tried iptables, but "systemctl status iptables" indicates again that the process is indeed active, but has terminated. And fail2ban requires firewalld and does not cooperate with iptables anymore. So I suppose I’m stuck with firewalld for now.

That is normal for iptables - the service runs once to configure the
rules, then it is done:

iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled)
   Active: active (exited) since Mon 2014-12-22 17:34:33 UTC; 1 weeks 1 days ago
 Main PID: 7141 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/iptables.service

You can also remove fail2ban-firewalld (and firewalld) to remove the
default fail2ban firewalld configuration, and use the iptables actions.

--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane
Boulder, CO 80301 http://www.cora.nwra.com
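
Added example, not part of the original message: a POSIX shell function that tells the normal "active (exited)" state of a run-once unit apart from a real failure, reading `systemctl show` KEY=VALUE properties on stdin. The function and sample names are hypothetical, the sample input is constructed, and it assumes iptables.service is a Type=oneshot unit, as the behaviour described in the reply suggests.

```shell
#!/bin/sh
# Classify a firewall unit from `systemctl show`-style KEY=VALUE lines on stdin.
# Prints one of: loaded, running, failed, inactive, investigate.
# On a live host (not run here), feed it with:
#   systemctl show -p Type,ActiveState,SubState,ExecMainStatus iptables.service
# and confirm the rules themselves with `iptables -S`.
classify_unit() {
    active='' sub='' type='' status=''
    while IFS='=' read -r key value; do
        case "$key" in
            ActiveState)    active=$value ;;
            SubState)       sub=$value ;;
            Type)           type=$value ;;
            ExecMainStatus) status=$value ;;
        esac
    done
    case "$active/$sub" in
        active/exited)
            # Expected end state for a oneshot unit: it applied the rules
            # and exited with status 0. Anything else deserves a look.
            if [ "$type" = oneshot ] && [ "$status" = 0 ]; then
                echo loaded
            else
                echo investigate
            fi ;;
        active/running) echo running ;;
        failed/*)       echo failed ;;
        inactive/*)     echo inactive ;;
        *)              echo investigate ;;
    esac
}

# Constructed sample matching the status output quoted in the reply.
sample_iptables() {
    printf '%s\n' 'Type=oneshot' 'ActiveState=active' \
        'SubState=exited' 'ExecMainStatus=0'
}

# Constructed sample: the rule-loading script exited non-zero.
sample_failed() {
    printf '%s\n' 'Type=oneshot' 'ActiveState=failed' \
        'SubState=failed' 'ExecMainStatus=1'
}

sample_iptables | classify_unit   # loaded
sample_failed | classify_unit     # failed
```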