On 12/03/2014 08:30 AM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2014-12-03 08:52, Mathias Homann wrote:
On 12/02/2014 04:09 PM, Carlos E. R. wrote:
I certainly want my logs on my laptop.
Then you'd stick with SFW2, of course.
No, the point is that firewalld must generate logs.
For instance, if I connect my lappy on a different (home) network that I don't control, I want to see who/what is trying to connect to my laptop. Or I may want something to connect to me, so I want to see the logs for diagnosing why it does not work.
The logs are generated by the kernel, after all, not by the firewall. The firewall just inserts the needed iptables(?) rules that will later create the log entries.
There are tools and scripts that watch those logs. So not only the logs are needed, but a change in what they print, the format, also breaks the tools. So either firewald generate compatible logs, or all the scripts and tools, from the distributions or from the users, have to adapt.
The impact is large.
I think I haven't made myself clear here:
I am not promoting firewalld as a *replacement* for SFW2, all I'm saying is that there are use cases for a firewall where firewalld might be more suited than SFW2, so we might want to offer it as an alternative.
Well, some people here oppose strongly to having two methods and having to maintain both.
- -- Cheers / Saludos,
Carlos E. R.
As discussed earlier in this thread. I like the idea of importing with ruby - the "best of" from firewalld into a newer module version of the Yast Firewall. Cheers! Roman ----------------------------------- openSUSE Open Minds Open Sources Open Future ----------------------------------- http://linuxcounter.net/ #179293 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org