Fedora 18 and Firewalld

When Spherical Cow hits the digital shelves sometime in late October or early November, users will have to get used to a new firewall management application. Spherical Cow is, of course, the code name for Fedora 18, the next stable release of Fedora.

On current versions of Fedora, the firewall management application is system-config-firewall, a static firewall application that requires a refresh of the firewall with any rule change. The new application will provide a dynamic system that will not require a refresh or reload of the firewall, even after a rule change.

The new kid on the block is called Firewalld, and it is made up of a daemon with a D-Bus interface (firewalld), a command-line interface (firewall-cmd), a graphical management interface (firewall-config), and a desktop applet (firewall-applet). Most of the work has been done, but not all the parts are working, at least in the just-released Fedora 18 Alpha that I tested.

In this alpha release, Firewalld is installed and running, but firewall-applet is not installed. This, for example, is the interface for firewall-config. It does not work, so I could not mess with it. But you can tell that the final product will be easy to manage.
Firewalld

With Firewalld coupled with NetworkManager, you will be able to use network zones on your system. The Shields Up/Down interface, which you start from the firewall applet, makes it easy to manage configured zones.
Firewalld Shields

This is a screen shot of the firewall-applet. The options are self-explanatory.
Firewalld Applet

What the applet looks like when network traffic is blocked.
Firewalld Panic Mode

Here is an excerpt from the Fedora wiki on what Firewalld really brings to the table:

The dynamic firewall mode with firewalld will make it possible to change firewall settings without the need to restart the firewall and will make persistent connections possible.

This is, for example, very useful for services that need to add additional firewall rules. libvirtd is one of them and also openvpn in the future. With the static firewall model these rules are lost if the firewall gets modified or restarted. The firewall daemon holds the current configuration internally and is able to modify the firewall without the need to recreate the complete firewall configuration; it is also able to restore the configuration in a service restart and reload case.

Another use case for the dynamic firewall mode is printer discovery. For this the discovery program will be started locally that sends out a broadcast message. It will most likely get an answer from an unknown address (the new printer). This answer will be filtered by the firewall, because the answer is not related to the broadcast and the port of the program that was sending out the message is dynamic and therefore a fixed rule cannot be created for this. With the dynamic firewall mode a time-limited rule could be requested by the discovery program to allow the receipt of the answer.
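The time-limited rule in the printer-discovery case can be sketched with firewall-cmd. This is an added example, not part of the wiki excerpt or of Firewalld itself. It assumes a firewalld release whose firewall-cmd accepts `--zone`, `--add-port` and `--timeout` (none of which appear on this page); the names `timed_allow`, `is_uint`, `MAX_WINDOW` and `DRY_RUN`, the 300-second cap and the sample zone and port are choices made for this example.

```shell
#!/bin/sh
# Added example: open a port in the runtime configuration for a short,
# bounded window, as a discovery helper might request. With DRY_RUN=1
# (the default) the command is only printed, so no firewalld is needed.

DRY_RUN="${DRY_RUN:-1}"
MAX_WINDOW=300   # longest window accepted, in seconds (this example's own cap)

# is_uint VALUE MAX: true if VALUE is a decimal integer in 1..MAX.
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, non-digit, zero or leading zero
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le "$2" ]
}

# Usage: timed_allow ZONE PORT PROTO SECONDS
timed_allow() {
    zone=$1 port=$2 proto=$3 secs=$4

    # Restrict the zone name so it cannot carry extra options or spaces.
    case "$zone" in
        ''|*[!A-Za-z0-9_-]*) echo "bad zone: $zone" >&2; return 2 ;;
    esac
    is_uint "$port" 65535 || { echo "bad port: $port" >&2; return 2; }
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 2 ;;
    esac
    # Refuse open-ended or long windows: the rule should expire by itself.
    is_uint "$secs" "$MAX_WINDOW" || { echo "bad timeout: $secs" >&2; return 2; }

    # No --permanent: the rule exists only in the running firewall and is
    # dropped when the timeout expires, with no reload of the rule set.
    set -- firewall-cmd "--zone=$zone" "--add-port=$port/$proto" "--timeout=$secs"
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

Run with `DRY_RUN=0` as root to apply the rule; `timed_allow public 40123 udp 30` would accept replies on that UDP port for 30 seconds and then close it again.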

5 Comments

  1. How to disable firewalld?

  3. sp: spherical cow
