Immanetize (talk | contribs) No edit summary |
Immanetize (talk | contribs) (→firewalld: lockdown) |
||
Line 3: | Line 3: | ||
= firewalld = | = firewalld = | ||
== locking the firewall == | |||
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts. | |||
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 --> | |||
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf` | |||
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall: | |||
<whitelist> | |||
<command name="/usr/bin/python /usr/bin/firewall-cmd" | |||
</whitelist> | |||
The firewall must be reloaded to refresh the whitelist: | |||
firewall-cmd --reload | |||
== configuring the firewall == | |||
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage . | |||
= BIND10 = | = BIND10 = | ||
The latest versions of the popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`. | The latest versions of the popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`. |
Revision as of 19:39, 15 April 2013
firewalld
locking the firewall
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
To lock down the firewall, set Lockdown=yes
in /etc/firewalld/firewalld.conf
Whitelist definitions are kept in /etc/firewalld/lockdown-whitelist.xml
. This example whitelist allows firewall-cmd
to configure the firewall:
<whitelist> <command name="/usr/bin/python /usr/bin/firewall-cmd" </whitelist>
The firewall must be reloaded to refresh the whitelist:
firewall-cmd --reload
configuring the firewall
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
BIND10
The latest versions of the popular nameserver bind
and dhcp server dhcpd
server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for named
and SQL backend for dhcpd
.
For more information, consult the bind10
manual at http://bind10.isc.org/docs/bind10-guide.html .
stable network interface naming
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in /etc/system/network-scripts
, although in most cases biosdevname
will continue to manage naming.
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .