Hello,

as discussed some time ago, I worked on the proof of concept implementation of firewalld.

FirewallD is a service daemon with a D-BUS interface that provides a dynamic managed firewall.

For more information on firewalld, please have a look at:
https://fedoraproject.org/wiki/FirewallD/

About this version:

This is mostly the proof of concept implementation with some changes and is feature complete for F-15 as a firewalld preview version. It will not be enabled per default and will also not get installed per default. The system-config-firewall with static firewall model will still be the default firewall solution for Fedora 15.

What this firewalld version can do:

- It supports most of the firewall features system-config-firewall had, but there are three limitations:
  1) custom firewall rule files (iptables save format) are not supported and most likely will never be, but there is support for custom rules (limited functionality).
  2) sysctl changes for ip_forward are not done, yet.
  3) There are no permanent firewall settings, this means that all settings are lost after a service restart or reboot. Permanent firewall settings will be added later on.
- The firewall daemon manages the firewall dynamically. This means that changes are done without recreating the whole firewall. Also there is no need to reload all firewall modules anymore. Firewall helpers are loaded and unloaded if needed.
- A simple tray applet (firewall-applet) shows the status of the public firewall and makes it simple to enable and disable firewall services. The applet does not show firewall configuration settings done with the libvirt interface.
- firewall-cmd is the command line client that makes it possible to enable, disable, query and list firewall features. firewall-cmd is also not able to show firewall settings of the libvirt interface.
- There is a rule and chain interface for libvirt, but the PolicyKit policy is not in place, yet.

What this version can not do (future features):

- firewall-config, the firewall configuration utility, is not functional
- System vs. User/Session configuration
- Zone support
- NetworkManager firewall rule support

firewalld made it into a fedorahosted repo at:
git://git.fedorahosted.org/git/firewalld.git

The fedoraproject wiki page at https://fedoraproject.org/wiki/FirewallD/ exists and will get more updates soon.

The feature request page for Fedora 15 is also up to date:
https://fedoraproject.org/wiki/Features/DynamicFirewall#How_To_Test

For test packages, please have a look at http://twoerner.fedorapeople.org/firewalld/

firewalld has a requirement for system-config-firewall-1.2.28. This version has checks for an active firewalld in the tools. Please have a look at http://koji.fedoraproject.org/koji/buildinfo?buildID=211013 for the Fedora 15 packages of this version. It is usable on Fedora versions < 15.

How To Test

- Install firewalld and firewall-applet
- Start the firewalld service
- Start the tray applet firewall-applet
- Use firewall-cmd to enable for example ssh:
    firewall-cmd --enable --service=ssh
- Enable samba for 10 seconds:
    firewall-cmd --enable --service=samba --timeout=10
- Enable ipp-client:
    firewall-cmd --enable --service=ipp-client
- Disable ipp-client:
    firewall-cmd --disable --service=ipp-client
- To restore your static firewall with lokkit again simply use:
    lokkit --enabled

You can also use the D-BUS interface directly. This is required for libvirt (and later on also NetworkManager). The D-BUS interface documentation is work in progress and will be added later on.

Comments and additional information are highly welcome.

Thanks in advance,
Thomas

--
Thomas Woerner
Software Engineer      Phone: +49-711-96437-310
Red Hat GmbH           Fax  : +49-711-96437-111
Hauptstaetterstr. 58   Email: Thomas Woerner <twoerner@xxxxxxxxxx>
D-70178 Stuttgart      Web  : http://www.redhat.de/