From Fedora Project Wiki
Revision as of 14:27, 23 December 2010

Dynamic Firewall

Summary

Support for dynamic firewall management with a D-Bus interface. The current firewall model with system-config-firewall is static and requires a full firewall restart for every change, even a simple one.

Owner

Current status

  • Targeted release: Fedora 15
  • Last updated: 2010-12-22
  • Percentage of completion: 100%

Detailed Description

The firewalld package contains the proof-of-concept implementation of firewalld as a preview.

Please have a look at the documentation on the FirewallD wiki page on fedoraproject.org for more information on firewalld.

Benefit to Fedora

The dynamic firewall mode will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

Scope

The required change in system-config-firewall is a simple check for an active firewalld. This has already been added to system-config-firewall-1.2.28 in rawhide.

How To Test

  • Install firewalld and firewall-applet
  • Start the firewalld service
  • Start the tray applet firewall-applet
  • Use firewall-cmd to enable a service, for example ssh:
 firewall-cmd --enable --service=ssh
  • Enable samba for 10 seconds:
 firewall-cmd --enable --service=samba --timeout=10
  • To restore your static firewall with lokkit, simply use:
 lokkit --enabled

User Experience

Connections will be persistent even after changing firewall settings using the firewall daemon.

Dependencies

  • system-config-firewall (changes already in place)
  • iptables (no changes needed)

Contingency Plan

The current static firewall will still be used as the default firewall solution. The firewall daemon service will be optional; it will be neither installed nor activated by default. Therefore, adding this feature should not cause any problems.

Documentation

See https://fedoraproject.org/wiki/FirewallD

Release Notes

Fedora 15 adds support for the optional firewall daemon, which provides dynamic firewall management with a D-Bus interface.