So, to claim I don't "understand the proposal at all" was either an attempt to discredit me or carelessly expressed hyperbole which was quite impolite, considering the phrasing.What Mattias proposed was disabling the service and thus probably not installing the GUI by default.
It has nothing to do with not installing a GUI.
To my knowledge, the zones are exposed through both the network manager GUI and firewalld gui (both installed by default, I believe). Implicitly this is addressing those GUIs. Even if not, it is addressing the USER EXPOSED zone manipulation. Please, explain how this has NOTHING to do with a GUI(i'm not sure what you mean by "installed" since firewalld/nm gui seems to be part of the default install, and has been for a few releases so this proposal).Originally Posted by Mattias;
I don't disagree. My original post was directed at the way the proposal was phrased. The implication being the GUI is too complicated (reference the Mattias quote above). The alternative interpretation would be that manually editing zones is too complicated (presumably through iptables).firewalld is a system level firewall and doesn't require any kind of frontend. The proposal is about disabling the service by default.
In principal it can have any kind of frontend (or nothing more than the text files describing the iptables rules) but in fact we have the one GUI which has been included by default for awhile now.firewalld can have any kind of graphical frontends but those frontends are not part of any desktop environment and is just a distro tool.
Regarding it being a distro tool, i'm afraid I don't see the point.