Home_greyopenFATE - openSUSE feature tracking > #318356
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Add firewalld and YaST support to openSUSE

Feature state

openSUSE Distribution
New

Description

firewalld provides a dynamic firewall that can handle iptables, ip6tables and ebtables based on the connections saved in NetworkManager. With firewalld the firewall configuration can be changed "on the fly" without having to reload the whole firewall tables. Firewalld is particularly useful for computers with highly volatile network setups, i.e. mobile hardware (laptops) or virtualization hosts.

it would be desirable to add firewalld as an alternative to SuSEfirewall2 for users that want it.

Apart from the firewalld package itself, it's necessary to add firewalld support to Yast2 so modules can manipulate ports and services just like it happens with SuSEFirewall2 at the moment.

Finally, it's also needed to enhance the yast2-firewall module to provide some support for firewalld. The UI can be replaced by the firewall-config which is shipped in the upstream code. As a result of which it will not be possible to provide ncurses ui support. The alternative to the firewall-config GTK UI would be the regular yast2 command line interface

User benefit:

SuSEfirewall2 is static and according to its developer not actively developed anymore. Also, current network setups can easily call for more than three zones, which firewalld provides by default.

Usecase

In Network Manager you can define for each stored connection which firewall zone will be used for the interface if that connection is used.

Best use case for this: wireless interface on a laptop of someone who travels a lot.

Testcase

Test case: I have been using firewalld from home:lemmy04:firewalld for a couple of months now to no ill effect.

Test case 2: firewalld in its current version is the default firewall subsystem in fedora and RHEL7...

Discussion


icons/user_comment.png M. M. wrote: (3 years ago)

I think this is a really important feature to have, I've tried openSUSE in a server last week and I struggled with the firewall, I think firewalld is more flexible and user friendly than SuSEfirewall, I use it on Fedora and CentOS.

icons/user_comment.png M. C. wrote: (21 months ago)

Hi,
This is now in the openSUSE Tumbleweed.
The devel project is here

https://build.opensuse.org/package/show/security:netfilter/firewalld

icons/user_comment.png M. P. wrote: (20 months ago)

here is tutorial what I had to do to enable proper zeroconf configuration, most of it was switching to firewalld :( http://niczsoft.com/2016/04/zeroconf-on-opensuse/

icons/user_comment.png K. C. wrote: (12 months ago)

firewalld has now been added to the main repositories for Leap 42.2 and Tumbleweed, but I don't think there's been any work on YaST integration yet (not familiar with firewalld though).

icons/user_comment.png J. R. wrote: (2 months ago)

Firewalld is very interactive and powerful, I think it would look great that it was in Yast. I am using it in CentOS and I have seen that it works very well.

Last change: 8 weeks ago
Voting
Score: 10
  • Negative: 0
  • Neutral: 1
  • Positive: 10
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint