Firewalld

From Gentoo Wiki

FirewallD is D-Bus-enabled firewall software for Linux. It does not filter packets itself: it works on top of the kernel's netfilter framework and programs the rules through either nftables (the default backend in current releases) or iptables. It was created by Red Hat but is available on many Linux distributions, including Gentoo as net-firewall/firewalld.

From the project homepage:

Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings, ethernet bridges and IP sets. There is a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly.

Its documentation is available on the project website in HTML format.

USE flags

USE flags for net-firewall/firewalld (Firewall daemon with D-Bus interface providing a dynamic firewall). A leading + marks a flag that is enabled by default.

  • +iptables — Add support for net-firewall/iptables as firewall backend
  • +nftables — Add support for net-firewall/nftables as firewall backend
  • gui — Enable support for a graphical user interface
  • selinux — !!internal use only!! Security Enhanced Linux support; this must be set by the selinux profile or breakage will occur
  • test — Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)

Configuration

firewalld keeps two configurations: the runtime configuration, which is what the kernel is currently enforcing, and the permanent configuration, which is stored on disk and loaded at start-up. By default firewall-cmd modifies only the runtime configuration; such changes are lost when the service is restarted and also when it is reloaded with --reload. This is useful when testing a change, because a mistake that locks you out of a remote host is undone by the next restart. To persist changes, either:

  • Run
    root #firewall-cmd --runtime-to-permanent
    once firewalld is in the desired state. This copies the complete runtime configuration into the permanent one, including any runtime-only changes made earlier.

or:

  • Include the --permanent flag with a given command. This edits only the stored configuration, so running
    root #firewall-cmd --reload
    is required for the change to take effect in the running firewall. Note that --reload replaces the runtime configuration with the permanent one, so any runtime-only change that has not been persisted is discarded at that point; do not mix the two approaches in the same session.
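The following script is an added example and is not code from the Gentoo wiki page or from the firewalld project. It wraps firewall-cmd in a small helper so that the two persistence paths described above, plus a runtime-only change with a timeout, can be run as one procedure: change the runtime configuration first, verify the rule is active, then persist it. The zone and service names (public, https, ssh) and the FW_DRY_RUN variable are assumptions for the example; with FW_DRY_RUN=1, or when firewall-cmd is not installed, the helper only prints the commands it would execute. Real changes require root.

```shell
#!/bin/sh
# Added example: runtime-first workflow for firewall-cmd. Not part of the
# Gentoo wiki page or of firewalld itself.
# FW_DRY_RUN=1 (or a missing firewall-cmd binary) prints the commands instead
# of executing them, so the script can be read and tested without touching a
# firewall. Applying real changes requires root.

fw() {
    if [ "${FW_DRY_RUN:-0}" = "1" ] || ! command -v firewall-cmd >/dev/null 2>&1; then
        printf 'firewall-cmd %s\n' "$*"
        return 0
    fi
    firewall-cmd "$@"
}

# Path 1: change the runtime configuration, check it, then copy the whole
# runtime state into the permanent configuration. If the runtime change
# turns out to be wrong (for example it cuts off remote access), restarting
# firewalld reverts to the last permanent configuration.
open_service_runtime_then_persist() {
    zone=$1
    service=$2
    fw --zone="$zone" --add-service="$service" || return 1
    # --query-service exits 0 only if the service is enabled in the zone;
    # do not persist a change that did not take effect.
    fw --zone="$zone" --query-service="$service" || return 1
    fw --runtime-to-permanent
}

# Path 2: edit the permanent configuration directly. Nothing changes in the
# running firewall until --reload, and --reload also discards runtime-only
# changes that were made earlier and never persisted.
open_service_permanent_then_reload() {
    zone=$1
    service=$2
    fw --permanent --zone="$zone" --add-service="$service" || return 1
    fw --reload
}

# Temporary exception: runtime-only, and firewalld removes it by itself after
# the given number of seconds. --timeout cannot be combined with --permanent,
# which makes it a safe way to open a port for a one-off maintenance task.
open_service_temporarily() {
    zone=$1
    service=$2
    seconds=$3
    fw --zone="$zone" --add-service="$service" --timeout="$seconds"
}

# Usage (as root, on a host running firewalld):
#   open_service_runtime_then_persist public https
#   open_service_permanent_then_reload public https
#   open_service_temporarily public ssh 300
```

The first function is the safer default for remote administration: the verification step runs before anything is written to disk, and an unreachable host recovers on restart. The second function is appropriate for configuration management, where the permanent files are the source of truth and no runtime-only changes are expected to exist.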

See Also

  • Iptables — a program used to configure and manage the kernel's netfilter modules.
  • nftables — the successor to iptables.
  • ufw — the uncomplicated firewall

References