On 01/22/2014 03:19 PM, poma wrote:
> Say whaaat? :)
> https://fedoraproject.org/wiki/FirewallD#The_Daemon
> "With the so called direct interface other services (like for example
> libvirt) are able to add own rules using iptables arguments and parameters."
Hi poma,
Yes, I know they use the direct interface. What I meant was (now that I
know the purpose of the _direct chains), that they should place their
rules in the INPUT_direct & FORWARD_direct chains instead of throwing
them directly in the built-in chains. Better yet, use custom chains
like INPUT_libvirt, FORWARD_libvirt, etc. You see, there's an elegance
in how firewalld creates & uses the different custom chains. Let's keep
it organized & manageable, I think.
BTW, I know I'm not supposed to be looking under the hood (using
iptables -L) while using firewalld, but hey, I'm curious :)
--
Jorge
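
As an added illustration (not part of the original message, and not firewalld or libvirt code), this script reads `iptables-save` text and lists the rules that sit directly in a built-in chain rather than jumping to a custom chain such as INPUT_direct. The sample ruleset, including the `virbr0` interface name, is constructed.

```shell
#!/bin/sh
# Added example: list rules that sit directly in a built-in chain.
# Input is iptables-save text: ":NAME - [0:0]" declares a user-defined chain,
# ":NAME ACCEPT [0:0]" (any real policy) declares a built-in one.
inline_rules() {
    awk '
        /^\*/ {                          # new table: chain names are per table
            table = substr($0, 2)
            split("", user); split("", builtin)
            next
        }
        /^:/ {                           # chain declaration
            name = substr($1, 2)
            if ($2 == "-") user[name] = 1; else builtin[name] = 1
            next
        }
        $1 == "-A" && ($2 in builtin) {  # rule appended to a built-in chain
            target = ""
            for (i = 3; i < NF; i++)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            # A jump to a user-defined chain is only dispatch; report the rest.
            if (!(target in user)) print table ": " $0
        }
    '
}

# Constructed sample ruleset (virbr0 is an assumed libvirt bridge name).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT_direct - [0:0]
:FORWARD_direct - [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -j INPUT_direct
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j FORWARD_direct
-A INPUT_direct -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | inline_rules
```

On a live host the same function can be fed from `iptables-save` run as root; rules the firewall manager itself keeps in the built-in chains will also be listed, so the output is a review list rather than a verdict.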