The release of firewalld 2.4.0, a dynamically managed firewall implemented as a wrapper over the nftables and iptables packet filters, has been published. Firewalld runs as a background process that allows packet filter rules to be changed dynamically via D-Bus without reloading the packet filter rules or breaking established connections. The project is already used in many Linux distributions, including RHEL 7+, Fedora 18+ and SUSE/openSUSE 15+. The firewalld code is written in Python and distributed under the GPLv2 license.
The firewall is managed with the firewall-cmd utility, which builds rules not from IP addresses, network interfaces and port numbers but from service names (for example, to open access to SSH you run “firewall-cmd --add-service=ssh”, and to close SSH, “firewall-cmd --remove-service=ssh”). The firewall-config (GTK) graphical interface and the firewall-applet (Qt) applet can also be used to change the firewall configuration. Firewall management via firewalld's D-Bus API is supported in projects such as NetworkManager, libvirt, podman, docker and fail2ban.
Key changes:
- Added a set of “gateway” rules covering the functionality of a typical home router (including NAT, conntrack handlers and traffic redirection between zones). Example of setting up a gateway with internal and external network interfaces using the “gateway” ruleset:
  firewall-cmd --permanent --zone internal --add-interface eth0
  firewall-cmd --permanent --zone external --add-interface eth1
  firewall-cmd --permanent --policy-set gateway --remove-disable
  firewall-cmd --reload
- Implemented a “disable” flag that can be used in XML settings
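After applying the gateway set-up above, a practitioner will want to confirm that each interface actually landed in the intended zone before trusting the NAT and redirection rules, since an interface left in the wrong zone silently changes which traffic is forwarded. The script below is an added example, not code from the firewalld project or from this article: it parses the zone-per-interface listing in the format of `firewall-cmd --get-active-zones` and checks that eth0 sits in “internal” and eth1 in “external”. The `SAMPLE` text is constructed so the check runs on a machine without firewalld; on a live host the real command output would be passed instead, as shown in the comment.

```shell
#!/bin/sh
# Added example (not from the firewalld project or the article): verify that
# interfaces ended up in the zones a gateway set-up intended.

# zone_of_interface IFACE ZONES_TEXT
# ZONES_TEXT is in the format printed by `firewall-cmd --get-active-zones`:
#   zone-name
#     interfaces: eth0 eth1
# Prints the name of the zone whose "interfaces:" line lists IFACE, or
# nothing if the interface is not bound to any active zone.
zone_of_interface() {
    iface="$1"
    text="$2"
    printf '%s\n' "$text" | awk -v want="$iface" '
        /^[^[:space:]]/ { zone = $1; next }          # unindented line = zone name
        /^[[:space:]]+interfaces:/ {                 # indented interface list
            for (i = 2; i <= NF; i++) if ($i == want) { print zone; exit }
        }'
}

# check_gateway_zones ZONES_TEXT
# Returns 0 when eth0 is in "internal" and eth1 in "external" (the mapping
# used in the gateway example above), non-zero otherwise.
check_gateway_zones() {
    text="$1"
    [ "$(zone_of_interface eth0 "$text")" = "internal" ] || return 1
    [ "$(zone_of_interface eth1 "$text")" = "external" ] || return 1
    return 0
}

# Constructed sample output so the script runs without firewalld installed.
SAMPLE='internal
  interfaces: eth0
external
  interfaces: eth1'

# On a live host (firewalld required) use the real listing instead:
#   check_gateway_zones "$(firewall-cmd --get-active-zones)"
if check_gateway_zones "$SAMPLE"; then
    echo "gateway zones OK"
else
    echo "gateway zones MISMATCH: check interface-to-zone assignment" >&2
fi
```

The check deliberately reads the active-zone listing rather than the permanent configuration, so it reports what the running packet filter is using after `--reload`, which is what matters for the NAT and forwarding behaviour.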