From Fedora Project Wiki
No edit summary
Line 3: Line 3:
== Summary ==
== Summary ==


Support for dynamic firewall model with DBus interface. The current firewall model is static and requires a full firewall restart for all changes, even simple ones.
Support for dynamic firewall management with DBus interface. The current firewall model with system-config-firewall is static and requires a full firewall restart for all changes, even simple ones.


== Owner ==
== Owner ==
Line 13: Line 13:


* Targeted release: [[Releases/15|Fedora 15]]  
* Targeted release: [[Releases/15|Fedora 15]]  
* Last updated: 2010-10-07
* Last updated: 2010-12-22
* Percentage of completion: 30%
* Percentage of completion: 95%


== Detailed Description ==
== Detailed Description ==


[https://fedoraproject.org/wiki/SystemConfig/firewall system-config-firewall] wiki page
The firewalld package contains the proof of concept implementation of firewalld as a preview.
 
Please have a look at the documentation on [https://fedoraproject.org/wiki/FirewallD/ the FirewallD wiki page on fedoraproject.org] for more information on firewalld.


== Benefit to Fedora ==
== Benefit to Fedora ==
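Review bot: the new Detailed Description only says that the package is a proof-of-concept preview and links to the FirewallD page; for a daemon that changes firewall rules over D-Bus, this section should state who may call the interface and how callers are authorized, or say explicitly that the linked page covers it. The status line in the same hunk moves to "Percentage of completion: 95%", which sits oddly next to "proof of concept implementation of firewalld as a preview"; say what the remaining 5% is.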
Line 26: Line 28:
== Scope ==
== Scope ==


Requires rebasing system-config-firewall to a new version.  
The required change in system-config-firewall is a simple check for an active firewalld. This has already been added to system-config-firewall-1.2.28 in rawhide.


== How To Test ==
== How To Test ==


Compare firewall settings in static and dynamic mode.
* Install firewalld and firewall-applet
* Start the firewalld service
* Start the tray applet firewall-applet
* Use firewall-cmd to enable for example ssh:
  firewall-cmd --enable --service=ssh
* Enable samba for 10 seconds:
  firewall-cmd --enable --service=samba --timeout=10


== User Experience ==
== User Experience ==


Connections will be persistent even after changing firewall settings.
Connections will be persistent even after changing firewall settings using the firewall daemon.


== Dependencies ==
== Dependencies ==


* iptables (no changes should be needed)
* system-config-firewall (changes already in place)
* iptables (no changes needed)


== Contingency Plan ==
== Contingency Plan ==


The current static mode will still be available, therefore backwards compatible. The dynamic mode could easily be deactivated to go back to the old mode.
The current static firewall will still be used as the default firewall solution. The firewall daemon service will be optional and not installed and not activated by default. Therefore there should be no problem by adding this feature.


== Documentation ==
== Documentation ==


See [https://fedoraproject.org/wiki/SystemConfig/firewall https://fedoraproject.org/wiki/SystemConfig/firewall] for now.
See [https://fedoraproject.org/wiki/FirewallD https://fedoraproject.org/wiki/FirewallD]


== Release Notes ==
== Release Notes ==


Fedora 15 adds support for firewall daemon, that provides the dynamic firewall model with a D-Bus interface.
Fedora 15 adds support for the optional firewall daemon, that provides a dynamic firewall management with a D-Bus interface.


[[Category:FeaturePageIncomplete]]
[[Category:FeaturePageIncomplete]]
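Review bot: the How To Test list ends at "firewall-cmd --enable --service=samba --timeout=10" without any expected result; add what the tester should observe: ssh reachable after the first command, samba reachable and then closed again once the 10 seconds have passed, and an already established connection staying up across both changes, which is what the User Experience section promises. The line "Compare firewall settings in static and dynamic mode." has no counterpart in the new steps, so nothing checks the dynamic result against the static firewall. The Contingency Plan says the daemon is "not installed and not activated by default"; the test steps should also cover stopping the service and confirming that the static firewall rules are back in effect.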

Revision as of 15:42, 22 December 2010

Dynamic Firewall

Summary

Support for dynamic firewall management with a D-Bus interface. The current firewall model with system-config-firewall is static and requires a full firewall restart for all changes, even simple ones.

Owner

Current status

  • Targeted release: Fedora 15
  • Last updated: 2010-12-22
  • Percentage of completion: 95%

Detailed Description

The firewalld package contains the proof of concept implementation of firewalld as a preview.

Please have a look at the documentation on the FirewallD wiki page on fedoraproject.org for more information on firewalld.

Benefit to Fedora

The dynamic firewall mode will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

Scope

The required change in system-config-firewall is a simple check for an active firewalld. This has already been added to system-config-firewall-1.2.28 in rawhide.

How To Test

  • Install firewalld and firewall-applet
  • Start the firewalld service
  • Start the tray applet firewall-applet
  • Use firewall-cmd to enable a service, for example ssh:
 firewall-cmd --enable --service=ssh
  • Enable samba for 10 seconds:
 firewall-cmd --enable --service=samba --timeout=10

User Experience

Connections will be persistent even after changing firewall settings using the firewall daemon.

Dependencies

  • system-config-firewall (changes already in place)
  • iptables (no changes needed)

Contingency Plan

The current static firewall will still be used as the default firewall solution. The firewall daemon service will be optional, and it will be neither installed nor activated by default. Adding this feature should therefore cause no problems.

Documentation

See https://fedoraproject.org/wiki/FirewallD

Release Notes

Fedora 15 adds support for the optional firewall daemon, which provides dynamic firewall management with a D-Bus interface.