firewalld-0.8.0

Introduction to firewalld

The firewalld package provides a dynamically managed firewall with support for network or firewall zones that define the trust level of network connections or interfaces. It supports IPv4 and IPv6 firewall settings and ethernet bridges, and it separates runtime and permanent configuration options. It also provides an interface for services or applications to add nftables or iptables and ebtables rules directly.

This package is known to build and work properly using an LFS-9.0 platform.

Package Information

firewalld Dependencies

Required

nftables-0.9.3 and python-slip-0.6.5

Recommended

Optional

GTK+-3.24.13 (runtime only, required for firewall-config), Qt-5.13.2 (runtime only, required for firewall-applet), and ipset for ipset support (only when used with iptables)

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/firewalld

Installation of firewalld

Install firewalld by running the following commands:

PYTHON=/usr/bin/python3           \
    ./configure --sysconfdir=/etc \
                --without-ipset   &&
make

The testsuite for firewalld is very dependent on the running kernel and system configuration. It requires ipset as well as both backends, and all supported kernel options available.

If the above conditions are met, run the testsuite as the root user with the command make -C src check. Any test failures are likely the result of an incomplete configuration. Failed tests will give a detailed failure status at src/test/testsuite.dir/<###>/testsuite.log.

Now, as the root user:

make install

Command Explanations

--without-ipset: This switch disables use of the ipset utility. Omit if it is installed.

--without-{ip{,6},eb}tables{,-restore}: These switches disable iptables support and are required if you wish to build without iptables support.

Configuring firewalld

Config Files

/etc/firewall/applet.conf, /etc/firewalld/firewalld.conf, and /etc/sysconfig/firewalld

Configuration of firewalld is generally done with the firewall-cmd command, without modifying the above configuration files. Those files set daemon behavior only, e.g. whether runtime rules are retained on restart, which firewall backend to use (default is nftables), or whether to turn on debugging.

Detailed documentation is provided by the firewalld developers at https://firewalld.org/documentation/.
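
As an added example (not part of this page or of the firewalld project), the following script reads the daemon-level settings described above from a firewalld.conf file, fills in defaults for unset keys, and flags keys that are assigned more than once. The key names and fallback defaults are assumptions taken from the firewalld.conf(5) manual page, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: effective daemon settings from firewalld.conf.
# Key names and fallback defaults are assumptions taken from firewalld.conf(5).

# conf_get FILE KEY DEFAULT: print KEY's first assigned value, else DEFAULT.
# Commented-out lines never match; whitespace around '=' and the value is trimmed.
conf_get() {
    val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | head -n 1)
    printf '%s\n' "${val:-$3}"
}

# conf_dupes FILE: print keys assigned more than once (ambiguous settings).
conf_dupes() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_][A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$1" |
        sort | uniq -d
}

# conf_report FILE: one line per setting, then a WARN line per duplicate key.
# On a live system: conf_report /etc/firewalld/firewalld.conf
conf_report() {
    [ -r "$1" ] || { echo "ERROR cannot read $1"; return 2; }
    echo "FirewallBackend=$(conf_get "$1" FirewallBackend nftables)"
    echo "CleanupOnExit=$(conf_get "$1" CleanupOnExit yes)"
    echo "DefaultZone=$(conf_get "$1" DefaultZone public)"
    echo "LogDenied=$(conf_get "$1" LogDenied off)"
    for k in $(conf_dupes "$1"); do echo "WARN duplicate key: $k"; done
}

# Constructed sample input, not a shipped firewalld.conf.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# firewalld daemon settings (constructed)
DefaultZone=public
#FirewallBackend=iptables
FirewallBackend = nftables
LogDenied=all
LogDenied=off
EOF

conf_report "$sample"
```

A duplicate key is reported rather than resolved, because which assignment the daemon honors should not be left to guesswork when reviewing a firewall host.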

Systemd Unit

If you need to run the firewalld daemon at system startup, enable the previously installed firewalld.service unit with the following command:

systemctl enable firewalld

Contents

Installed Programs: firewall-applet, firewall-cmd, firewall-config, firewall-offline-cmd, and firewalld
Installed Libraries: None
Installed Directories: /etc/firewalld, /etc/firewall, /usr/lib/firewalld, and /usr/lib/python-3.8.0/site-packages/firewall

Short Descriptions

firewall-applet

is a tray applet using QSettings backend.

firewall-cmd

is the primary command line frontend.

firewall-config

is a GUI configuration tool using GTK+-3.

firewall-offline-cmd

is a command line client used for permanent configuration while firewalld is not running.

firewalld

is the Dynamic Firewall Manager daemon.

Last updated on 2019-12-07 11:38:33 -0600