
On 08/21/2012 11:51 AM, Doug Goldstein wrote:
On Thu, Aug 16, 2012 at 1:18 AM, Laine Stump <laine@laine.org> wrote:
From: Thomas Woerner <twoerner@redhat.com>
(This is Thomas's v3 version of 1/2 of the firewalld patches, modified to check for firewall-cmd and firewalld state only once, rather than every time an iptables rule is added or removed. It's not intended to be pushed, because I'm still having issues with it, at least on my machine. I'm mostly concerned with item (1) on the list below; the others could be solved later or tolerated.)
* configure.ac, spec file: firewalld defaults to enabled if dbus is available, otherwise is disabled. If --with_firewalld is explicitly requested and dbus is not available, configure will fail.
So this means that on distros that ship with D-Bus (most distros that would include libvirt nowadays) the default out of the box would be to assume it has firewalld? Unless --without_firewalld was passed?
Yes, that's correct. But it should be harmless - libvirtd will try calling "firewall-cmd --state", fail because it doesn't exist, then fall back to using iptables/ebtables directly. Definitely try it out and let us know if it causes any trouble though. Part of the reason for pushing it now is so that it can get a reasonable shakeout between now and the next release.