Fedora 18 and Firewalld

When Sperical Cow hits the digital shelves sometime in late October or early November, users will have to get used to a new firewall management application. Sperical Spherical Cow is, of course the code-name for Fedora 18, the next stable release of Fedora.

On current versions of Fedora, the firewall management application is system-config-firewall, a static firewall application that requires a refresh of the firewall with any rule change. The new application will provide a dynamic system that will not require a refresh or reload of the firewall, even after a rule change.

The new kid on the block is called Firewalld, and it is made up of a daemon with a D-BUS interface – firewalld; a command line interface – firewall-cmd; a graphical management interface – firewall-config; and a desktop applet – firewall-applet. Most of the work has been done, but not all the parts are working, at least in the just released Fedora 18 Alpha that I tested.

In this alpha release, Firewalld is installed and running, but firewall-applet is not installed. This, for example, is the interface for firewall-config. It does not work, so I could not mess with it. But you can tell that the final product will be easy to manage.
Firewalld

With Firewalld and coupled with NetworkManager, you will be able to utilize network zones on your system. The Shields Up/Down interface, which you start from the firewall applet, makes it easy to manage configured zones.
Firewalld Shields

This is a screen shot of the firewall-applet. The options are self-explanatory.
Firewalld Applet

What the applet looks like when network traffic is blocked.
Firerwalld Panic Mode

Here is an excerpt from the Fedora wiki what Firewalld really brings to the table:

The dynamic firewall mode with firewalld will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

This is for example very useful for services, that need to add additional firewall rules. libvirtd is one of them and also openvpn in the future. With the static firewall model these rules are lost if the firewall gets modified or restarted. The firewall daemon holds the current configuration internally and is able to modify the firewall without the need to recreate the complete firewall configuration; it is also able to restore the configuration in a service restart and reload case.

Another use case for the dynamic firewall mode is printer discovery. For this the discovery program will be started locally that sends out a broadcast message. It will most likely get an answer from an unknown address (the new printer). This answer will be filtered by the firewall, because the answer is not related to the broadcast and the port of the program that was sending out the message is dynamic and therefore a fixed rule can not be created for this. With the dynamic firewall mode a time limited rule could be requested by the discovery program to allow the receipt of the answer.

Related Posts

Fedora 17 KDE and GNOME 3 preview Fedora 17, code-named Beefy Miracle, was released yesterday for all to download and use. Aside for the main edition, which uses the GNOME 3 desktop en...
Building a Fedora-Based VoIP Server There are not a whole lot of active Linux or BSD-based Telephony/IP-PBX distros, but the few we have are quite good and easy to setup and configure. O...
Fedora 20 GNOME 3 and KDE preview Fedora 20 is coming along real nice, with many excellent features for desktop and server users. Courtesy of the 4th alpha edition, which was released ...
4 security features in Fedora 16 The security features in Fedora make it one of my favorite Linux distributions. And that is partly why it is in my list of the top 6 KDE distributions...
How to enable auto-login and create a guest user account on Fedora 14 Fedora is one of very few distributions that does not have the auto-login feature in its graphical user management tool. Auto-login allows the system ...
Disk Encryption in Fedora 16 No distribution's installer makes setting up disk encryption as easy as Anaconda, the Fedora system installer. And that has not changed in Fedora 16, ...

We Recommend These Vendors and Free Offers

ContainerizeThis 2016 is a free, 2-day conference for all things containers and big data. Featured, will be presentations and free, hands-on workshops. Learn more at ContainerizeThis.com

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


5 Comments

  1. How to disable firewalld?

  2. Pingback: Links 22/9/2012: September Catchup | Techrights

  3. sp: spherical cow

Leave a Comment

Your email address will not be published. Required fields are marked *

*