#323 Feature: Dynamic Firewall ( https://fedoraproject.org/wiki/Features/DynamicFirewall )
Closed None Opened 14 years ago by kevin.

For the 2010-01-26 meeting.


This feature was deferred until the 2010-02-02 meeting.
There are outstanding questions from a number of fesco members. Please check the talk page or watch this ticket for those questions.

Twoerner: Sorry for not adding my questions yet. ;(

  1. I know that the current 'service iptables restart' unloads all rules (and possibly modules) and reloads them. Is there some reason it doesn't use 'iptables-restore' with the new rules (which is atomic)? Or could system-config-firewall use iptables-restore?

  2. The dbus interface to this allows applications to add/remove rules to the existing firewall. What privs would an app need to do this? Is there something in place that would only allow them to change their own rules? Is there going to be any oversight of what apps do this and what they are allowed to do?

  3. If system-config-iptables doesn't update the /etc/sysconfig/iptables and iptables-config files, isn't this a chance for confusion if a user restarts manually or reboots? How can we avoid them getting out of sync?

Those are mine... thanks. :)

I was contacted by Twoerner and he told me that he is no longer targeting this feature for Fedora 13 so it can be dropped from the discussion list. As a result I am closing this ticket.

It is good to ask questions about features on the "Talk" page of the feature page so everyone sees what is being asked along with the answers.
