On 23/12/10 17:03, Thomas Woerner wrote:
> Hello,
>
> as discussed some time ago, I worked on the proof of concept
> implementation of firewalld. FirewallD is a service daemon with a D-BUS
> interface that provides a dynamic managed firewall.
>
> For more information on firewalld, please have a look at:
> https://fedoraproject.org/wiki/FirewallD/
>
> About this version:
>
> This is mostly the proof of concept implementation with some changes and
> is feature complete for F-15 as a firewalld preview version. It will not
> be enabled per default and will also not get installed per default. The
> system-config-firewall with static firewall model will still be the
> default firewall solution for Fedora 15.
>
> What this firewalld version can do:
>
> - It supports most of the firewall features system-config-firewall had,
>   but there are three limitations:
>
>   1) custom firewall rule files (iptables save format) are not
>      supported and most likely will never be, but there is support for
>      custom rules (limited functionality).
>
>   2) sysctl changes for ip_forward are not done, yet.
>
>   3) There are no permanent firewall settings, this means that all
>      settings are lost after a service restart or reboot. Permanent
>      firewall settings will be added later on.
>
> - The firewall daemon manages the firewall dynamically. This means that
>   changes are done without recreating the whole firewall. Also there is
>   no need to reload all firewall modules anymore. Firewall helpers are
>   loaded and unloaded if needed.
>
> - A simple tray applet (firewall-applet) shows the status of the public
>   firewall and makes it simple to enable and disable firewall
>   services. The applet does not show firewall configuration settings
>   done with the libvirt interface.
>
> - firewall-cmd is the command line client that makes it possible to
>   enable, disable, query and list firewall features. firewall-cmd is
>   also not able to show firewall settings of the libvirt interface.
>
> - There is a rule and chain interface for libvirt, but the PolicyKit
>   policy is not in place, yet.
>
> What this version can not do (future features):
>
> - firewall-config, the firewall configuration utility, is not functional
> - System vs. User/Session configuration
> - Zone support
> - NetworkManager firewall rule support
>
>
> firewalld made it into a fedorahosted repo at:
>
> git://git.fedorahosted.org/git/firewalld.git
>
> The fedoraproject wiki page at
> https://fedoraproject.org/wiki/FirewallD/
> exists and will get more updates soon. The feature request page for
> Fedora 15 is also up to date:
> https://fedoraproject.org/wiki/Features/DynamicFirewall#How_To_Test
>
> For test packages, please have a look at
> http://twoerner.fedorapeople.org/firewalld/
>
> firewalld has a requirement for system-config-firewall-1.2.28. This
> version has checks for an active firewalld in the tools.
>
> Please have a look at
> http://koji.fedoraproject.org/koji/buildinfo?buildID=211013
> for the Fedora 15 packages of this version. It is usable on fedora
> versions < 15.
>
> How To Test
> - Install firewalld and firewall-applet
> - Start the firewalld service
> - Start the tray applet firewall-applet
> - Use firewall-cmd to enable for example ssh:
>     firewall-cmd --enable --service=ssh
> - Enable samba for 10 seconds:
>     firewall-cmd --enable --service=samba --timeout=10
> - Enable ipp-client:
>     firewall-cmd --enable --service=ipp-client
> - Disable ipp-client:
>     firewall-cmd --disable --service=ipp-client
> - To restore your static firewall with lokkit again simply use:
>     lokkit --enabled
>
> You can also use the D-BUS interface directly. This is required for
> libvirt (and later on also NetworkManager). The D-BUS interface
> documentation is work in progress and will be added later on.
>
>
>
> Comments and additional information are highly welcome.
>
> Thanks in advance,
> Thomas
>

Hi,

First of all thanks for making this work on the command line first and
gui second.
Can I ask a stupid question? Does dbus have the kind of performance
necessary to support this type of application?

Thanks.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel