From Fedora Project Wiki

No edit summary
(→‎firewalld: lockdown)
Line 3: Line 3:


= firewalld =
= firewalld =
== locking the firewall ==
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
<whitelist>
<command name="/usr/bin/python /usr/bin/firewall-cmd"
</whitelist>
The firewall must be reloaded to refresh the whitelist:
firewall-cmd --reload
== configuring the firewall ==
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
= BIND10 =
= BIND10 =
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.

Revision as of 19:39, 15 April 2013

Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer


firewalld

locking the firewall

Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.

To lock down the firewall, set Lockdown=yes in /etc/firewalld/firewalld.conf

Whitelist definitions are kept in /etc/firewalld/lockdown-whitelist.xml. This example whitelist allows firewall-cmd to configure the firewall:

<whitelist>
<command name="/usr/bin/python /usr/bin/firewall-cmd"
</whitelist>

The firewall must be reloaded to refresh the whitelist:

firewall-cmd --reload

configuring the firewall

Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .

BIND10

The latest versions of the popular nameserver bind and dhcp server dhcpd server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for named and SQL backend for dhcpd.

For more information, consult the bind10 manual at http://bind10.isc.org/docs/bind10-guide.html .

stable network interface naming

The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in /etc/system/network-scripts, although in most cases biosdevname will continue to manage naming.

For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .