Description

firewall-config is a GUI to firewalld and knows everything that we've already tested in previous test cases.

Changing default zone

The Change Default Zone button in the menu does the same as firewall-cmd --set-default-zone=zone, see: Test case 2

Runtime and Persistent configuration

On the left side there's a zone list. Clicking on the zone name it's configuration is read and you can change it. The combo box next to "Current view" switches between persistent and runtime configuration.

Runtime configuration

If you change runtime configuration the changes are imediately aplied to the active configuration without a need to restart or confirm anything.

How to test

Set view to runtime, click on zone home, try adding/changing various services, ports etc. and check whether the runtime configuration changes correctly with:

 firewall-cmd --zone=home --list-all
 iptables-save | grep home

Do service firewalld restart and make sure the runtime changes are gone.

Persistent configuration

In a persistent view you can do the same but the changes are done in configuration files (/etc/firewalld/) and you have to press the Reload Firewalld button for the persistent configuration to become active. In the persistent view you can also add and edit zones, services and ICMP types.

How to test

Set view to persistent, click on zone internal, try adding/changing various services, ports etc. and check whether the configuration in /etc/firewalld/zones/internal.xml gets changed. Press Reload Firewalld button (or do service firewalld restart) and make sure the changes you had done survived the restart and are now active:

 firewall-cmd --zone=internal --list-all
 iptables-save | grep internal