On Fri, 21.03.14 20:02, Florian Weimer (fw(a)deneb.enyo.de) wrote:
> * Lennart Poettering:
>
> >> So offer something with equivalent functionality (and config file
> >> syntax compatibility), with a nice modern clean API and then systemd
> >> and others can be moved over to that 1 by 1, and once we've no more
> >> users left we can kill off the old beast?
> >
> > Nope. In systemd we already support one subsystem for filtering just
> > fine, it's called a firewall.
>
> Does this subsystem support DNS-based rules?

No, firewalls don't do DNS-based filtering, since it's a security nightmare.

Lennart
--
Lennart Poettering, Red Hat