As with all new packages, firewalld is somewhat of a moving target. iptables has been around and "comfortable" because of familiarity.
I, being somewhat long in the tooth, am a little resistant to change. :-D
Thanks for the work which much be tedious.
John
On 01/24/2014 09:24 AM, Thomas Woerner wrote:
On 01/24/2014 03:10 PM, John Griffiths wrote:
In August of last year, I was told on the list to use ipsets to add ips to the drop list.
Seeing all the traffic on direct chain, should I be going this direction now?
It is good to go in this direction for separation, but it is not a requirement.
I will be having a look at network address sets (ipset) support in firewalld again. I am also thinking about the possibility to support externally generated ipsets.
Regards, John _______________________________________________ firewalld-users mailing list firewalld-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Regards, Thomas _______________________________________________ firewalld-users mailing list firewalld-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/firewalld-users