Fedora-17-Beta-x86_64-Live-Desktop.iso
http://fedoraproject.org/wiki/FirewallD suggests I should have firewall-config. "The configuration tool firewall-config is the main configuration tool for the firewall daemon."
But I'm not finding firewall-config. So unlike with iptables, where I had a GUI Firewall app, now I no longer have an easy or obvious way of altering the default behavior and I'm in effect stuck without ssh.
Seems the missing firewall-config is probably an oversight, and it needs to be included on LiveCD installs, and default DVD installs as well.
Chris Murphy
On 03/24/2012 10:09 PM, Chris Murphy wrote:
Fedora-17-Beta-x86_64-Live-Desktop.iso
http://fedoraproject.org/wiki/FirewallD suggests I should have firewall-config. "The configuration tool firewall-config is the main configuration tool for the firewall daemon."
But I'm not finding firewall-config. So unlike with iptables, where I had a GUI Firewall app, now I no longer have an easy or obvious way of altering the default behavior and I'm in effect stuck without ssh.
Seems the missing firewall-config is probably an oversight, and it needs to be included on LiveCD installs, and default DVD installs as well.
Chris Murphy
firewalld-config is not finished, yet. I am working on it.
Thomas
On Mar 26, 2012, at 4:21 AM, Thomas Woerner wrote:
firewalld-config is not finished, yet. I am working on it.
This is still not in F17 beta RC4 which means it's not going to be in the beta at all. I'm a little mystified why firewalld would ship as the default firewall without the *primary* configuration tool being available for testing.
firewall-cmd is irritating to use. man firewall-cmd and firewall-cmd -h return two different results. My SOP at the moment is having systemd stop and disable firewalld in order to actually get work done.
Is the plan still to ship firewalld as the default in F17 final? I personally think this needs to be regressed and give firewalld more time to bake.
Chris Murphy
On 04/13/2012 07:13 PM, Chris Murphy wrote:
On Mar 26, 2012, at 4:21 AM, Thomas Woerner wrote:
firewalld-config is not finished, yet. I am working on it.
This is still not in F17 beta RC4 which means it's not going to be in the beta at all. I'm a little mystified why firewalld would ship as the default firewall without the *primary* configuration tool being available for testing.
firewall-cmd is irritating to use. man firewall-cmd and firewall-cmd -h return two different results. My SOP at the moment is having systemd stop and disable firewalld in order to actually get work done.
firewall-config is the graphical config tool. firewall-cmd is the command line config tool. The man page for firewall-cmd is outdated. There will be an update package this week with new and also updated man pages.
Is the plan still to ship firewalld as the default in F17 final? I personally think this needs to be regressed and give firewalld more time to bake.
Chris Murphy
Thomas
On Tue, 2012-04-17 at 15:43 +0200, Thomas Woerner wrote:
On 04/13/2012 07:13 PM, Chris Murphy wrote:
On Mar 26, 2012, at 4:21 AM, Thomas Woerner wrote:
firewalld-config is not finished, yet. I am working on it.
This is still not in F17 beta RC4 which means it's not going to be in the beta at all. I'm a little mystified why firewalld would ship as the default firewall without the *primary* configuration tool being available for testing.
firewall-cmd is irritating to use. man firewall-cmd and firewall-cmd -h return two different results. My SOP at the moment is having systemd stop and disable firewalld in order to actually get work done.
firewall-config is the graphical config tool. firewall-cmd is the command line config tool. The man page for firewall-cmd is outdated. There will be an update package this week with new and also updated man pages.
The point is that firewall-config still doesn't appear to exist. It is not present at all in firewalld-0.2.4-1.fc17.noarch.rpm . I agree with Chris and others on test@ who are concerned that post-Beta is rather late for the graphical configuration tool to show up, if it's going to show at all. Was FESCo aware of this when voting on the acceptance of firewalld as a late feature?
I do not see anything in the f17 feature page describing any graphical configuration tool. But I also agree that gui configuratio is needed, otherwise it will probably be really difficult to do things like connect via ssh or share via rygel or other dlna server. On Apr 17, 2012 6:32 PM, "Adam Williamson" awilliam@redhat.com wrote:
On Tue, 2012-04-17 at 15:43 +0200, Thomas Woerner wrote:
On 04/13/2012 07:13 PM, Chris Murphy wrote:
On Mar 26, 2012, at 4:21 AM, Thomas Woerner wrote:
firewalld-config is not finished, yet. I am working on it.
This is still not in F17 beta RC4 which means it's not going to be in
the beta at all. I'm a little mystified why firewalld would ship as the default firewall without the *primary* configuration tool being available for testing.
firewall-cmd is irritating to use. man firewall-cmd and firewall-cmd
-h return two different results. My SOP at the moment is having systemd stop and disable firewalld in order to actually get work done.
firewall-config is the graphical config tool. firewall-cmd is the command line config tool. The man page for firewall-cmd is outdated. There will be an update package this week with new and also updated man pages.
The point is that firewall-config still doesn't appear to exist. It is not present at all in firewalld-0.2.4-1.fc17.noarch.rpm . I agree with Chris and others on test@ who are concerned that post-Beta is rather late for the graphical configuration tool to show up, if it's going to show at all. Was FESCo aware of this when voting on the acceptance of firewalld as a late feature? -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
On Apr 17, 2012, at 1:49 PM, Andreas Tunek wrote:
I do not see anything in the f17 feature page describing any graphical configuration tool. But I also agree that gui configuratio is needed, otherwise it will probably be really difficult to do things like connect via ssh or share via rygel or other dlna server.
http://fedoraproject.org/wiki/FirewallD#Graphical_Configuration_Tool
"firewall-config is the main configuration tool"
On Tuesday, April 17, 2012, 4:15:53 PM, Chris Murphy wrote:
On Apr 17, 2012, at 1:49 PM, Andreas Tunek wrote:
I do not see anything in the f17 feature page describing any graphical configuration tool. But I also agree that gui configuratio is needed, otherwise it will probably be really difficult to do things like connect via ssh or share via rygel or other dlna server.
http://fedoraproject.org/wiki/FirewallD#Graphical_Configuration_Tool "firewall-config is the main configuration tool"
It also says "is"... but in spite of the use of the present tense, that tool is not available on the Fedora 17 Beta.?
This begs the questions: - Is it currently available for installation and testing with the beta? - Will it be available for the Fedora 17 GA? - Will firewall-config be reasonably well tested by GA? - What confidence does Fesco have in the resulting GA under these circumstances?
On Apr 17, 2012, at 2:32 PM, Al Dunsmuir wrote:
On Tuesday, April 17, 2012, 4:15:53 PM, Chris Murphy wrote:
On Apr 17, 2012, at 1:49 PM, Andreas Tunek wrote:
I do not see anything in the f17 feature page describing any graphical configuration tool. But I also agree that gui configuratio is needed, otherwise it will probably be really difficult to do things like connect via ssh or share via rygel or other dlna server.
http://fedoraproject.org/wiki/FirewallD#Graphical_Configuration_Tool "firewall-config is the main configuration tool"
It also says "is"... but in spite of the use of the present tense, that tool is not available on the Fedora 17 Beta.?
Negative.
I speculate many or most people disable firewalld. This was an explicit recommendation during Virtualization Test Day. So it's not just the config tool that isn't getting as much testing as it otherwise would. For the LiveCD, it needs to be a GUI configurable, and work, because firewalld is enabled by default.
If reversion is going to occur back to iptables and its Firewall tool, slipping that in a final RC seems risky. That combo hasn't been tested since early alpha. And in effect neither firewall package is getting nearly as much testing before final.
I feel that firewalld's updated man pages and GUI config tool need to appear by final TC1, or reversion should occur.
Chris Murphy
On 04/17/2012 11:17 PM, Chris Murphy wrote:
On Apr 17, 2012, at 2:32 PM, Al Dunsmuir wrote:
On Tuesday, April 17, 2012, 4:15:53 PM, Chris Murphy wrote:
On Apr 17, 2012, at 1:49 PM, Andreas Tunek wrote:
I do not see anything in the f17 feature page describing any graphical configuration tool. But I also agree that gui configuratio is needed, otherwise it will probably be really difficult to do things like connect via ssh or share via rygel or other dlna server.
http://fedoraproject.org/wiki/FirewallD#Graphical_Configuration_Tool "firewall-config is the main configuration tool"
It also says "is"... but in spite of the use of the present tense, that tool is not available on the Fedora 17 Beta.?
Negative.
I speculate many or most people disable firewalld. This was an explicit recommendation during Virtualization Test Day. So it's not just the config tool that isn't getting as much testing as it otherwise would. For the LiveCD, it needs to be a GUI configurable, and work, because firewalld is enabled by default.
I am working with libvirt upstream to get firewalld support in libvirt. There are patches for firewalld support in libvirt, but without firewalld reload support. The dbus code is not working corrytly in libvirt, currently.
If reversion is going to occur back to iptables and its Firewall tool, slipping that in a final RC seems risky. That combo hasn't been tested since early alpha. And in effect neither firewall package is getting nearly as much testing before final.
I feel that firewalld's updated man pages and GUI config tool need to appear by final TC1, or reversion should occur.
The man pages and more documentation will be released in a new package this week. firewall-config will not be finished before F-17 GOLD.
Chris Murphy
Thomas
On Thu, 19 Apr 2012 11:40:52 +0200 Thomas Woerner twoerner@redhat.com wrote:
...snip...
The man pages and more documentation will be released in a new package this week. firewall-config will not be finished before F-17 GOLD.
Would it be possible to update the feature page with what is currently working, done, landed in F17?
Everything else really needs to move to F18 at this point. After beta is not the time to be landing new features, heavily changing code or switching behavior.
Do we need to enact the fallback plan here and move the entire feature to F18?
kevin
On Thu, Apr 19, 2012 at 08:38:10AM -0600, Kevin Fenzi wrote:
Would it be possible to update the feature page with what is currently working, done, landed in F17?
Everything else really needs to move to F18 at this point. After beta is not the time to be landing new features, heavily changing code or switching behavior.
Do we need to enact the fallback plan here and move the entire feature to F18?
Process would tend to suggest so. Thomas, what's involved in reverting it at this point? We should probably discuss this in fesco next week.
On Thu, 2012-04-19 at 08:38 -0600, Kevin Fenzi wrote:
On Thu, 19 Apr 2012 11:40:52 +0200 Thomas Woerner twoerner@redhat.com wrote:
...snip...
The man pages and more documentation will be released in a new package this week. firewall-config will not be finished before F-17 GOLD.
Would it be possible to update the feature page with what is currently working, done, landed in F17?
Everything else really needs to move to F18 at this point. After beta is not the time to be landing new features, heavily changing code or switching behavior.
Do we need to enact the fallback plan here and move the entire feature to F18?
I think that should be seriously considered. Like Chris, I'm not terribly comfortable with the idea of shipping a default firewall that has no graphical configuration tool, and a command line one which will be entirely unfamiliar to people. It seems like a recipe for pain. I also agree with Chris that if we're going to do it, we should do it *now*, not wait until we're halfway through validation.
Could we bung this on the agenda for the next FESCo meeting?
On Thu, Apr 19, 2012 at 8:16 PM, Adam Williamson awilliam@redhat.com wrote:
Could we bung this on the agenda for the next FESCo meeting?
Already added: https://fedorahosted.org/fesco/ticket/838 Mirek
On Apr 19, 2012, at 12:16 PM, Adam Williamson wrote:
I think that should be seriously considered. Like Chris, I'm not terribly comfortable with the idea of shipping a default firewall that has no graphical configuration tool, and a command line one which will be entirely unfamiliar to people. It seems like a recipe for pain. I also agree with Chris that if we're going to do it, we should do it *now*, not wait until we're halfway through validation.
Could we bung this on the agenda for the next FESCo meeting?
Network Zones would appear to be a casualty of reversion.
https://fedoraproject.org/wiki/Features/network-zones
Chris Murphy
On 04/19/2012 10:55 PM, Chris Murphy wrote:
On Apr 19, 2012, at 12:16 PM, Adam Williamson wrote:
I think that should be seriously considered. Like Chris, I'm not terribly comfortable with the idea of shipping a default firewall that has no graphical configuration tool, and a command line one which will be entirely unfamiliar to people. It seems like a recipe for pain. I also agree with Chris that if we're going to do it, we should do it *now*, not wait until we're halfway through validation.
Could we bung this on the agenda for the next FESCo meeting?
Network Zones would appear to be a casualty of reversion.
Also https://bugzilla.redhat.com/show_bug.cgi?id=591630 would emerge again.
-- Jiri
On Apr 20, 2012, at 3:21 AM, Jiri Popelka wrote:
On 04/19/2012 10:55 PM, Chris Murphy wrote:
Network Zones would appear to be a casualty of reversion.
Also https://bugzilla.redhat.com/show_bug.cgi?id=591630 would emerge again.
Hmm. Rock vs hard place.
Chris Murphy
On Fri, 2012-04-20 at 12:25 -0600, Chris Murphy wrote:
On Apr 20, 2012, at 3:21 AM, Jiri Popelka wrote:
On 04/19/2012 10:55 PM, Chris Murphy wrote:
Network Zones would appear to be a casualty of reversion.
Also https://bugzilla.redhat.com/show_bug.cgi?id=591630 would emerge again.
Hmm. Rock vs hard place.
591630 can be fixed for iptables / s-c-f (and indeed I believe Thomas already has a fix ready).
On 03/24/2012 10:09 PM, Chris Murphy wrote:
Fedora-17-Beta-x86_64-Live-Desktop.iso
http://fedoraproject.org/wiki/FirewallD suggests I should have firewall-config. "The configuration tool firewall-config is the main configuration tool for the firewall daemon."
But I'm not finding firewall-config. So unlike with iptables, where I had a GUI Firewall app, now I no longer have an easy or obvious way of altering the default behavior and I'm in effect stuck without ssh.
Seems the missing firewall-config is probably an oversight, and it needs to be included on LiveCD installs, and default DVD installs as well.
Chris Murphy
Please use firewall-cmd for now.
Thomas
devel@lists.stg.fedoraproject.org
-
Adam Williamson -
Al Dunsmuir -
Andreas Tunek -
Chris Murphy -
Jiri Popelka -
Kevin Fenzi -
Matthew Garrett -
Miloslav Trmač -
Thomas Woerner