Welcome to the Linux Foundation Forum!

One approach to rule them all?

I was just wondering, in the terms used by LFS201, if "modern" is to be read as "whatever Red Hat prefer at the moment", and "legacy" means "used by other distribution families"?

The Firewalls chapter seems -- to this user of Debian derivatives at least -- to be all about skipping over other approaches and zeroing in on the RH/systemd approach as embodied by firewalld and firewall-cmd. More or less to the exclusion of all others, including the "legacy" iptables. I'm not sure whether "drop what you're doing and install Red Hat's alternative" is as educational as it is indoctrinaire.

I appreciate that space is limited, and that you can't cover every last angle. But perhaps these limitations can be met without glossing over or ignoring non-RH practices. A great deal of the examples seem to start with the RH way of doing things first, and others later if at all.


  • coop
    coop Posts: 882
    It is not a pro Red-Hat bias. All the distros are moving to firewalld. (and it is not a systemd bias either).

    iptables is covered thoroughly in the next course (LFS230), but firewalling in general is not supposed to be covered much if at all in the LFCS exam. iptables is rather complicated to give a simple introduction to and that is the reason it is not really discussed. It is easy to use firewalld on Debian-derivatives and all the distros still cover iptables.

    We have worked hard to make sure everthing is tested on redhat, suse and ubuntu and debian. Whenver it doesn't someone tells us and we fix it. However, red hat does have the vast lionshare of the Enterprise market and most of our students who work in sys admin are on redhat of some form. So we have to be doubly sure about it working on RH.

    So I'm sorry we give iptables short shrift. If you have ever tried to write a short description of iptables that gives enough information to actually be used (rather than to destroy a system) you know what i mean. firewalld is actually simpler and more future oriented and we try to train people in the future.

    Thanks for your concern and patience
  • So I take it ufw isn't going to get me very far?
  • coop
    coop Posts: 882
    Sorry for delay in responding. I have nothing against ufw and it seems to be mostly a ubuntu/debian oriented facility. It is mentioned in the text but not expounded on.
    If we were writing a detailed thing on firewalls it would deserve a fair treatment.

    The choice of firewalld was to teach concepts plus the fact it is available on all distros so we don't have to say on Ubuntu using ufw do this, on RedHat using firewalld use this, etc, and we get lost in the weeds. We could have done this with iptables, which while it is familiar with sysadmins, is hard for a newcomer to grok -- that is why it is done in detail in the next course, LFS230. And so is ufw (discussed in LFS230)
    in some depth, though not as much depth as iptables. We can't do everything in one course.


Upcoming Training