README for firewalld
====================

firewalld provides a dynamically managed firewall with support for network or
firewall zones to define the trust level of network connections or interfaces.
It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a
separation of runtime and permanent configuration options. It also provides an
interface for services or applications to add ip*tables and ebtables rules
directly.


Development
-----------
To check out the source repository, you can use:

    git clone https://github.com/firewalld/firewalld.git

This will create a local copy of the repository.

Language Translations
---------------------
Firewalld uses GNU gettext for localization support. Translations can be done
using Fedora's Weblate instance [1]. Translations are periodically merged into
the main firewalld repository.

[1] https://translate.stg.fedoraproject.org/projects/firewalld/

Working With The Source Repository
----------------------------------
Install the following requirements or packages:

    desktop-file-utils: /usr/bin/desktop-file-install
    gettext
    intltool
    glib2: /usr/bin/glib-compile-schemas
    glib2-devel: /usr/share/aclocal/gsettings.m4
    systemd-units
    iptables
    ebtables
    ipset

For use with Python 3:

    python3-dbus
    python3-slip-dbus
    python3-decorator
    python3-gobject
    python3-nftables (nftables >= 0.9.3)

For use with Python 2:

    dbus-python
    python-slip-dbus (http://fedorahosted.org/python-slip)
    python-decorator
    pygobject3-base (non-cairo parts of pygobject3)
    python-nftables (nftables >= 0.9.3)

To be able to create man pages and documentation from docbook files:

    docbook-style-xsl
    libxslt

Use the usual autoconf/automake incantation to generate makefiles

    ./autogen.sh
    ./configure

You can use a specific python interpreter by passing the PYTHON variable. This
is also used by the testsuite.

    ./configure PYTHON=/path/to/python3

Use

    make

to create the documentation and to update the po files.

Use

    make check

to run the testsuite. Tests are run inside network namespaces and do not
interfere with the host's running firewalld. They can also be run in parallel
by passing flags to autotest.

    make check TESTSUITEFLAGS="-j4"

The testsuite also uses keywords to allow running a subset of tests that
exercise a specific area.
For example:

    make check TESTSUITEFLAGS="-k rich -j4"
    24: rich rules audit                      ok
    25: rich rules priority                   ok
    26: rich rules bad                        ok
    53: rich rules audit                      ok
    23: rich rules good                       ok
    55: rich rules bad                        ok
    74: remove forward-port after reload      ok

You can get a list of tests and keywords

    make -C src/tests check TESTSUITEFLAGS="-l"

Or just the keywords

    make -C src/tests check TESTSUITEFLAGS="-l" \
        |awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \
        |tr ' ' '\n' |sort |uniq

There are integration tests. Currently this includes NetworkManager. These may
be _destructive_ to the host. Run them in a disposable VM or container.

    make check-integration

There is also a check-container target that will run the testsuite inside
various podman/docker containers. This is useful for coverage of multiple
distributions. It also runs tests that may be destructive to the host such as
integration tests.

    make check-container TESTSUITEFLAGS="-j4"

RPM package
-----------

For Fedora and RHEL based distributions, there is a spec file in the source
repo named firewalld.spec. This should be usable for Fedora versions >= 16 and
RHEL >= 7.


Links
-----
Homepage:          http://firewalld.org
Report a bug:      https://github.com/firewalld/firewalld/issues
Git repo browser:  https://github.com/firewalld/firewalld
Git repo:          https://github.com/firewalld/firewalld.git
Documentation:     http://firewalld.org/documentation/


Mailing lists
-------------
For usage:         https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/
For development:   https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/


Directory Structure
-------------------
config/                 Configuration files
config/icmptypes/       Predefined ICMP types
config/services/        Predefined services
config/zones/           Predefined zones
config/ipsets/          Predefined ipsets
doc/                    Documentation
doc/man/                Base directory for man pages
doc/man/man1/           Man(1) pages
doc/man/man5/           Man(5) pages
po/                     Translations
shell-completion/       Base directory for auto completion scripts
src/                    Source tree
src/firewall/           Import tree for the service and all applications
src/icons/              Icons in the sizes: 16, 22, 24, 32, 48 and scalable
src/tests/              Testsuite