From Fedora Project Wiki
Revision as of 13:52, 27 December 2010

Dynamic Firewall

Summary

Support for dynamic firewall management with a D-Bus interface. The current firewall model with system-config-firewall is static and requires a full firewall restart for all changes, even simple ones.

Owner

Current status

  • Targeted release: Fedora 15
  • Last updated: 2010-12-23
  • Percentage of completion: 100%

Detailed Description

The firewalld package contains the proof-of-concept implementation of firewalld as a preview.

Please have a look at the documentation on the FirewallD wiki page on fedoraproject.org for more information on firewalld.

Benefit to Fedora

The dynamic firewall mode will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

Scope

The required change in system-config-firewall is a simple check for an active firewalld. This has already been added to system-config-firewall-1.2.28 in rawhide.

How To Test

  • Install firewalld and firewall-applet
  • Start the firewalld service
  • Start the tray applet firewall-applet
  • Use firewall-cmd to enable a service, for example ssh:
 firewall-cmd --enable --service=ssh
  • Enable samba for 10 seconds:
 firewall-cmd --enable --service=samba --timeout=10
  • Enable ipp-client:
 firewall-cmd --enable --service=ipp-client
  • Disable ipp-client:
 firewall-cmd --disable --service=ipp-client
  • To restore your static firewall with lokkit, simply use:
 lokkit --enabled

You can also use the D-Bus interface directly. This is required for libvirt (and later on also NetworkManager).

User Experience

Connections will be persistent even after changing firewall settings using the firewall daemon.

Dependencies

  • system-config-firewall (changes already in place)
  • iptables (no changes needed)

Contingency Plan

The current static firewall will still be used as the default firewall solution. The firewall daemon service will be optional, and it will be neither installed nor activated by default. Therefore, adding this feature should not cause any problems.

Documentation

See https://fedoraproject.org/wiki/FirewallD/

The fedorahosted site is here: https://fedorahosted.org/firewalld/

Release Notes

Fedora 15 adds support for the optional firewall daemon, which provides dynamic firewall management with a D-Bus interface.