Revision as of 12:13, 20 March 2013
firewalld Rich Language
Summary
This feature adds a rich (high-level) language to firewalld that makes it easy to create complex firewall rules without knowing iptables syntax.
For Fedora 19 the feature is limited to milestone 1: configuration files only, without CLI or D-Bus interfaces.
Owner
- Name: Thomas Woerner
- Email: twoerner@redhat.com
Current status
- Targeted release: Fedora 19
- Last updated: 2013-03-20
- Percentage of completion: 80%
- Firewalld milestones for the rich language and lockdown features: milestones 1 and 2 (base and CLI) are planned for F-19, milestone 3 (GUI) is planned for F-20.
- Milestone 1: Rich config language via config files; minimal lockdown ~ end of March
- Milestone 2: New config language via D-BUS interfaces with command line client ~ end of May
- Milestone 3: GUI early to mid July
Detailed Description
Currently, complex firewall rules can only be added using the direct interface of firewalld. This requires knowledge of iptables syntax, and rules added this way are not permanent.
With the rich language, more complex firewall rules can be created in an easy-to-understand way. The language uses keywords with (sometimes multiple) values and is an abstract representation of ip*tables and ebtables rules. Services and zones can be configured using this language; the current configuration format will still be supported.
Mixing the old and new configuration within a service or zone might be possible, but this still needs to be verified. Because the rich language can be used in service and zone definitions, rules written in it are also permanent.
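As an added illustration (not part of this feature page and not taken from the firewalld project), the following zone file shows what a source-restricted SSH rule looks like when written as rich rules inside a zone configuration. The element and attribute names (`rule`, `source` with `invert`, `service`, `log`, `limit`, `accept`, `reject`) are assumed to match the rich-rule XML that firewalld ships; the file path, zone name, and the 192.0.2.0/24 address range are constructed for the example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example zone, e.g. /etc/firewalld/zones/mgmt.xml (path and name are assumptions).
     Plain entries (like the dhcpv6-client service below) keep the existing syntax; the rich
     rules add source restrictions and logging that the plain syntax cannot express. -->
<zone>
  <short>Management</short>
  <description>SSH only from the management network; other SSH attempts are logged and rejected.</description>

  <!-- Deliberately no plain <service name="ssh"/> here: an unrestricted service entry
       would accept SSH from every source and make the rich rules below pointless. -->
  <service name="dhcpv6-client"/>

  <!-- Rich rule 1: accept SSH from the management network, with rate-limited logging. -->
  <rule family="ipv4">
    <source address="192.0.2.0/24"/>
    <service name="ssh"/>
    <log prefix="ssh-mgmt " level="info">
      <limit value="5/m"/>
    </log>
    <accept/>
  </rule>

  <!-- Rich rule 2: reject SSH from any other IPv4 source (invert="True" negates the source match),
       also rate-limited so an attacker cannot flood the log. -->
  <rule family="ipv4">
    <source address="192.0.2.0/24" invert="True"/>
    <service name="ssh"/>
    <log prefix="ssh-denied " level="warning">
      <limit value="5/m"/>
    </log>
    <reject/>
  </rule>
</zone>
```

The check a practitioner should make after restarting firewalld with such a file in place is to list the generated rules with `iptables -S` (or `iptables -L -n -v`) and confirm that the accept for port 22 carries the source match and that no unrestricted accept for the ssh service remains in the zone chain; a leftover plain service entry silently widens the rule set regardless of what the rich rules say.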
The configuration with files will be available for Fedora 19. The D-BUS interface with the command line client should be finished, but this depends on Fedora 19 schedule. UI work will most likely be available later (depends on Fedora 19 schedule also).
Benefit to Fedora
More powerful and easier firewall configuration.
Scope
Only needs changes in firewalld and its components.
How To Test
Create firewall rules using the rich language in services and zones. More to come.
User Experience
Users will be able to easily create more powerful and also permanent firewall configurations.
Dependencies
None.
Contingency Plan
Disabling or reverting of the feature should be easy as it will be created as an addition to the current configuration. Only users of the new language will be affected.
Documentation
This will be added with feature progress.
Release Notes
Fedora 19 includes the latest firewalld version, which supports a rich language for creating more complex firewall configurations in an easy way.