Revision as of 12:15, 20 March 2013
firewalld Lockdown
Summary
This feature adds a simple configuration setting for firewalld to be able to lock down configuration changes from local applications.
The feature is limited to milestone 1: config files, without cli and D-Bus interfaces.
Owner
- Name: Thomas Woerner
- Email: twoerner@redhat.com
Current status
- Targeted release: Fedora 19
- Last updated: 2013-03-20
- Percentage of completion: 80%
- Firewalld milestones for the rich language and lockdown features: milestones 1 and 2 (base and cli) are planned for F-19. Milestone 3 (gui) is planned for F-20.
  - Milestone 1: Rich config language via config files; minimal lockdown ~ end of March
  - Milestone 2: New config language via D-Bus interfaces with command line client ~ end of May
  - Milestone 3: GUI early to mid July
Detailed Description
Local applications or services are able to change the firewall configuration if they are running as root (example: libvirt). With this feature the administrator can lock the firewall configuration so that either no applications, or only applications that are in the allowed list, are able to request firewall changes.
The lockdown feature is a very light version of user and application policies for firewalld and is turned off by default. Comprehensive user and application policies will be added later on.
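An added example, not part of the original feature page or firewalld's own code: a small Python audit of the two config-file inputs behind this feature, reporting whether the lock is on and which allowed-list entries are broad enough to weaken it. The `Lockdown` key and the `<whitelist>` layout with `command`, `selinux` and `user` entries are assumed from firewalld's documented file formats; the sample contents and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from a real host. Key and element
# names are assumed from firewalld's documented config file formats.
SAMPLE_CONF = "# firewalld config\nDefaultZone=public\nLockdown=yes\n"
SAMPLE_WHITELIST = """\
<whitelist>
  <command name="/usr/bin/python -Es /usr/bin/firewall-config"/>
  <command name="/usr/bin/python*"/>
  <selinux context="system_u:system_r:virtd_t:s0-s0:c0.c1023"/>
  <user id="0"/>
</whitelist>
"""


def lockdown_enabled(conf_text):
    """Return True if the config text sets Lockdown to an enabled value."""
    enabled = False  # the feature is turned off by default
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "Lockdown":
            enabled = value.lower() in ("yes", "true")
    return enabled


def audit_whitelist(xml_text):
    """Return (kind, value, finding) tuples; finding is None for narrow entries."""
    results = []
    for elem in ET.fromstring(xml_text):
        if elem.tag == "command":
            name = elem.get("name", "")
            # A trailing '*' matches every command line with that prefix.
            note = "prefix match, any arguments allowed" if name.endswith("*") else None
            results.append(("command", name, note))
        elif elem.tag == "selinux":
            results.append(("selinux", elem.get("context", ""), None))
        elif elem.tag == "user":
            ident = elem.get("id") or elem.get("name") or ""
            # Allowing root re-admits every root-run application.
            note = "all root processes allowed" if ident in ("0", "root") else None
            results.append(("user", ident, note))
    return results


def broad_entries(xml_text):
    """Only the entries that widen the allowed list beyond one exact caller."""
    return [entry for entry in audit_whitelist(xml_text) if entry[2] is not None]
```

On the constructed sample, `broad_entries` flags the wildcard command and the `user id="0"` entry, the latter being the case that would let any root-run service such as libvirt keep changing the firewall despite the lock.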
Benefit to Fedora
An easy way to lock the firewall configuration for local applications.
Scope
Only needs changes in firewalld and its components.
How To Test
Set the lock, then use system-config-printer; it will try to open some ports.
User Experience
The lockdown setting defaults to disabled. If it is enabled, the user can be sure that there are no unwanted changes to the firewall configuration from local applications or services.
Dependencies
None.
Contingency Plan
This is a simple firewalld setting, which can be enabled or dropped easily.
Documentation
TBD
Release Notes
Fedora 19 includes the latest firewalld version, which supports the lockdown feature for locking the firewall configuration against changes from local applications.