Fedora 18 and Firewalld

When Sperical Cow hits the digital shelves sometime in late October or early November, users will have to get used to a new firewall management application. Sperical Spherical Cow is, of course the code-name for Fedora 18, the next stable release of Fedora.

On current versions of Fedora, the firewall management application is system-config-firewall, a static firewall application that requires a refresh of the firewall with any rule change. The new application will provide a dynamic system that will not require a refresh or reload of the firewall, even after a rule change.

The new kid on the block is called Firewalld, and it is made up of a daemon with a D-BUS interface – firewalld; a command line interface – firewall-cmd; a graphical management interface – firewall-config; and a desktop applet – firewall-applet. Most of the work has been done, but not all the parts are working, at least in the just released Fedora 18 Alpha that I tested.

In this alpha release, Firewalld is installed and running, but firewall-applet is not installed. This, for example, is the interface for firewall-config. It does not work, so I could not mess with it. But you can tell that the final product will be easy to manage.

With Firewalld and coupled with NetworkManager, you will be able to utilize network zones on your system. The Shields Up/Down interface, which you start from the firewall applet, makes it easy to manage configured zones.
Firewalld Shields

This is a screen shot of the firewall-applet. The options are self-explanatory.
Firewalld Applet

What the applet looks like when network traffic is blocked.
Firerwalld Panic Mode

Here is an excerpt from the Fedora wiki what Firewalld really brings to the table:

The dynamic firewall mode with firewalld will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

This is for example very useful for services, that need to add additional firewall rules. libvirtd is one of them and also openvpn in the future. With the static firewall model these rules are lost if the firewall gets modified or restarted. The firewall daemon holds the current configuration internally and is able to modify the firewall without the need to recreate the complete firewall configuration; it is also able to restore the configuration in a service restart and reload case.

Another use case for the dynamic firewall mode is printer discovery. For this the discovery program will be started locally that sends out a broadcast message. It will most likely get an answer from an unknown address (the new printer). This answer will be filtered by the firewall, because the answer is not related to the broadcast and the port of the program that was sending out the message is dynamic and therefore a fixed rule can not be created for this. With the dynamic firewall mode a time limited rule could be requested by the discovery program to allow the receipt of the answer.

Related Posts

How to install and configure Adobe Flash Player 10.3 on Fedora 15 Fedora 15, code-named Lovelock, does not ship with commercial applications. Which means that you are not able to install essential applications like A...
How to dual-boot Fedora 14 and Windows 7 How to dual-boot Fedora 14 and Windows 7 is next in a series of articles on dual-booting Windows and Linux distributions. The first was how to dual bo...
Fedora 14 installation guide Fedora 14 is the latest update to the Red Hat-sponsored, Linux distribution. It is one of a handful of Linux distributions that use LVM, the Linux Log...
How to upgrade Fedora 22 to Fedora 23 using DNF system-upgrade Fedora 23 is the latest edition of the Fedora Linux distribution. This tutorial shows how to upgrade an installation of Fedora 22 to Fedora 23. ...
How to install Markpado Markdown editor on Fedora 23 KDE This article shows how to install Markpado on Fedora 23 KDE. The steps should also work on any other distribution that's based on Fedora and uses the ...
GNOME Software preview on Fedora 20 alpha GNOME Software is one of the more exciting features that I'm looking forward to in the next release of Fedora. This is a brand new project, but the pa...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


  1. How to disable firewalld?

  2. Pingback: Links 22/9/2012: September Catchup | Techrights

  3. sp: spherical cow

Leave a Comment

Your email address will not be published. Required fields are marked *