On 04/21/2017 01:42 PM, Jason DeTiberus wrote:
> While I can see firewalld improving the situation wrt documenting how to add/persist firewall changes for Atomic Host (especially when using moby/docker), I think there is a bigger concern with firewalld being absent. If a user is running multiple applications that modify the host firewall (docker, Kubernetes, OpenShift, etc), firewalld provides a way to make firewall modifications in a consistent and repeatable manner, where iptables does not. There is the --wait flag for iptables, however any applications/users that are interacting with iptables will need to ensure they use it consistently.
So you are saying firewalld makes your life easier if it was