Announcement

Collapse
No announcement yet.

Firewalld 1.0 Released With Big Improvements

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Firewalld 1.0 Released With Big Improvements

    Phoronix: Firewalld 1.0 Released With Big Improvements

    Firewalld was started by Red Hat a decade ago for managing Linux firewall functionality with Netfilter. Ten and a half years after the first release, Firewalld 1.0 was released this afternoon...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Alright my little greasy monkeys, who's the first one to complain about firewalld?

    Comment


    • #3
      Originally posted by cl333r View Post
      Alright my little greasy monkeys, who's the first one to complain about firewalld?
      Me It doesn't support rate limitation per source IP address, only global rate limitation which is IMO worse than useless. Maybe it does now in 1.0 though?

      Comment


      • #4
        I just ufw allow 22 and hope for the best

        Comment


        • #5
          Wouldn't it be better to just learn how to manage nftables than learn how to manage a service that manages nftables?

          Comment


          • #6
            Originally posted by lyamc View Post
            I just ufw allow 22 and hope for the best
            UFW is good for what it does, but apart from limited distro support it also has too many drawbacks:
            • AFAIK it's still based on iptables, not nftables
            • It doesn't support zones and doesn't integrate well with network manager
            • it's static and basically only useful for static servers
            • it doesn't integrate well with podman or other container environments
            • it has no GUI

            Comment


            • #7
              Originally posted by Chugworth View Post
              Wouldn't it be better to just learn how to manage nftables than learn how to manage a service that manages nftables?
              Wouldn't it be better to learn assembly than learn a language that compiles to assembly?

              Wouldn't it be better to learn how to set the colours of pixels on the screen than learn an API that renders pixels on the screen?

              Wouldn't it be better to learn how to send/receive ethernet frames rather than use application-level protocols that send and receive ethernet frames?

              Comment


              • #8
                Originally posted by jacob View Post

                Wouldn't it be better to learn assembly than learn a language that compiles to assembly?

                Wouldn't it be better to learn how to set the colours of pixels on the screen than learn an API that renders pixels on the screen?

                Wouldn't it be better to learn how to send/receive ethernet frames rather than use application-level protocols that send and receive ethernet frames?

                Comment


                • #9
                  Originally posted by jacob View Post

                  Wouldn't it be better to learn assembly than learn a language that compiles to assembly?

                  Wouldn't it be better to learn how to set the colours of pixels on the screen than learn an API that renders pixels on the screen?

                  Wouldn't it be better to learn how to send/receive ethernet frames rather than use application-level protocols that send and receive ethernet frames?
                  The difference is, working with nftables is not so hard.

                  Comment


                  • #10
                    Originally posted by jacob View Post

                    Wouldn't it be better to learn assembly than learn a language that compiles to assembly?
                    Actually yes I wish more people would do this in some cases.

                    Comment

                    Working...
                    X