Talk:Features/DynamicFirewall

From FedoraProject

Jump to: navigation, search

Wrangler Review 2010-01-21

  1. Please add a draft release notes
  2. Please add more detailed "How To Test" steps so that someone unfamiliar with this feature can help test it
    1. What special hardware / data / etc. is needed (if any)?
    2. How do I prepare my system to test this feature? What packages need to be installed, config files edited, etc.?
    3. What specific actions do I perform to check that the feature is working like it's supposed to?
    4. What are the expected results of those actions?

After these items are fixed I will send your feature on to FESCo.

Thank you, poelcat 00:13, 22 January 2010 (UTC)

Defining "static".

I have to disagree with the statement "The current firewall model is static and every change requires a complete firewall restart.". IPTables has for a long time been able to to remove and add specific rules without the need for a complete wipe and reread of a full rule-set. If we add in ipsets then we can even change what IP addresses a rule will check against without having to touch the rule. Just because people use the convenience of using the init-script to apply changes does not mean that IPTables is static.

However, if we are talking "static" as in that only specially written admin tools can change the rule set then yes, it is "static".

--Blacke4dawn 23:48, 21 May 2011 (UTC)