Firewalld 2.0 Released With Faster Forwarding Performance Via NFTables Flowtable


  • Firewalld 2.0 Released With Faster Forwarding Performance Via NFTables Flowtable

    Phoronix: Firewalld 2.0 Released With Faster Forwarding Performance Via NFTables Flowtable

    The Firewalld open-source firewall daemon has been in development since 2011 while only two years ago did it reach the Firewalld 1.0 milestone. Thus it was a bit surprising to find Firewalld 2.0 being released today...


  • #2
    Michael

    Inconsistent spacing/capitalization: "NFTables flowtable" ... "NftablesFlowtable"

    Possibly also want to change "fastpath" to "fast path" as it might have been caught in the same lackofspace.

    Comment


    • #3
      Cool, but I still think OpenSnitch is the most intuitive and easy to use firewall.
      All these port-based firewalls don't make much sense to me except for servers, where you know which ports need to be opened. For everything else they are way too time-consuming.

      Comment


      • #4
        Don't want to be too pedantic here, but just as it's not SystemD (hurting your eyes), it's not "NFTables", but nftables. There are no capital letters in the name.

        Comment


        • #5
          Python, yikes

          Comment


          • #6
            Originally posted by Danny3
            Cool, but I still think OpenSnitch is the most intuitive and easy to use firewall.
            All these port-based firewalls don't make much sense to me except for servers, where you know which ports need to be opened. For everything else they are way too time-consuming.

            I read up on the OpenSnitch project, seems to have quite a neat GUI setup but your claim of knowing which ports need to be opened is quite backwards (in terms of security, and a firewall is all about security). You open the ports when it's needed (same with a service), it takes longer if you look up the ports (or the documentation does not provide the specified ports, which makes it bad documentation) but it has the same principle in real life. You won't just open the door to your home for anybody, you'll make sure it's safe (if it's a stranger, no suspect behavior etc.) and when the person checks out (while the stranger wants to enter and being respectful enough) you let the stranger in but as a standard you block the entrance until everything seems to be in order for anyone that wants to enter your home.

            Comment


            • #7
              Originally posted by Sethox

              > intuitive and easy to use firewall.

              I read up on the OpenSnitch project, seems to have quite a neat GUI setup [but...].

              Yes, years ago, I saw a program in Windows that, although the easily-configurable-per-program firewall "would not let it connect to internet", it launched Internet Explorer with a crafted URL, effectively sending data from the computer...

              Comment


              • #8
                Originally posted by Danny3
                [...] All these port-based firewalls don't make much sense to me except for servers, where you know which ports need to be opened. For everything else they are way too time-consuming.

                That's why Firewalld comes with a predefined list of services and their ports. Most of the time you only need something like

                Code:
                firewall-cmd --zone=public --add-service=minecraft
                If you need anything else that is exotic then hopefully you already know what you're doing.

                Comment
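What a predefined service name such as the one in post #8 stands for, as an added example that is not part of the thread or of firewalld's own code: a service is a small XML definition listing ports, and resolving it (including any `<include>` of other services) shows exactly what adding it to a zone exposes. The sample definitions are constructed, and the `gameserver-bundle` service and the `opened_ports` helper are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the firewalld service XML format (firewalld.service(5)).
# On a real host, shipped definitions live under /usr/lib/firewalld/services/
# and local overrides under /etc/firewalld/services/.
SAMPLE_SERVICES = {
    "minecraft": """
<service>
  <short>Minecraft</short>
  <port protocol="tcp" port="25565"/>
</service>""",
    # Hypothetical service that pulls in another one via <include>.
    "gameserver-bundle": """
<service>
  <short>Hypothetical bundle</short>
  <port protocol="udp" port="27015-27016"/>
  <include service="minecraft"/>
</service>""",
}


def opened_ports(name, services=SAMPLE_SERVICES, _seen=None):
    """Return the sorted (protocol, port-or-range) pairs a service opens."""
    seen = set() if _seen is None else _seen
    if name in seen:  # guard against include loops
        return []
    seen.add(name)
    if name not in services:
        raise KeyError(f"no service definition named {name!r}")
    root = ET.fromstring(services[name])
    ports = {(p.get("protocol"), p.get("port")) for p in root.findall("port")}
    # Included services contribute their ports as well.
    for inc in root.findall("include"):
        ports.update(opened_ports(inc.get("service"), services, seen))
    return sorted(ports)


if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        print(f"{svc}: {opened_ports(svc)}")
```

On a live system, `firewall-cmd --info-service=minecraft` prints the resolved definition, which is worth checking before adding a service to a zone.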


                • #9
                  Originally posted by RejectModernity
                  Python, yikes

                  As much as I dislike Python, this is one of the few applications where it makes sense to use it.
                  Last edited by cynic; 24 June 2023, 01:48 PM.

                  Comment


                  • #10
                    Originally posted by Sethox

                    I read up on the OpenSnitch project, seems to have quite a neat GUI setup but your claim of knowing which ports need to be opened is quite backwards (in terms of security, and a firewall is all about security). You open the ports when it's needed (same with a service), it takes longer if you look up the ports (or the documentation does not provide the specified ports, which makes it bad documentation) but it has the same principle in real life. You won't just open the door to your home for anybody, you'll make sure it's safe (if it's a stranger, no suspect behavior etc.) and when the person checks out (while the stranger wants to enter and being respectful enough) you let the stranger in but as a standard you block the entrance until everything seems to be in order for anyone that wants to enter your home.

                    No, just like any security, it's about "security vs. convenience", not "all about security". If security is paramount and convenience does not matter, the most secure way to use computers is to not use them.

                    Thus, your analogy is misplaced and this maximalist mindset will never fly in real life.
                    Last edited by intelfx; 25 June 2023, 08:43 AM.

                    Comment
