README for firewalld

====================

firewalld provides a dynamically managed firewall with support for network or 

firewall zones to define the trust level of network connections or interfaces. 

It has support for IPv4, IPv6 firewall settings and for ethernet bridges and a 

separation of runtime and permanent configuration options. It also provides an 

interface for services or applications to add ip*tables and ebtables rules 

directly. 

Development

-----------

To check out the source repository, you can use:

  git clone https://github.com/firewalld/firewalld.git

This will create a local copy of the repository.

Language Translations

---------------------

Firewalld uses GNU gettext for localization support. Translations can be done

using Fedora's Weblate instance [1]. Translations are periodically merged into

the main firewalld repository.

[1] https://translate.stg.fedoraproject.org/projects/firewalld/

Working With The Source Repository

----------------------------------

Install the following requirements or packages:

  desktop-file-utils: /usr/bin/desktop-file-install

  gettext

  intltool

  glib2: /usr/bin/glib-compile-schemas

  glib2-devel: /usr/share/aclocal/gsettings.m4

  systemd-units

  iptables

  ebtables

  ipset

For use with Python 3:

  python3-dbus

  python3-slip-dbus

  python3-decorator

  python3-gobject

  python3-nftables (nftables >= 0.9.3)

For use with Python 2:

  dbus-python

  python-slip-dbus (http://fedorahosted.org/python-slip)

  python-decorator

  pygobject3-base (non-cairo parts of pygobject3)

  python-nftables (nftables >= 0.9.3)

To be able to create man pages and documentation from docbook files:

  docbook-style-xsl

  libxslt

Use the usual autoconf/automake incantation to generate makefiles

  ./autogen.sh

  ./configure

You can use a specific python interpreter by passing the PYTHON variable. This

is also used by the testsuite.

  ./configure PYTHON=/path/to/python3

Use

  make

to create the documentation and to update the po files.

Use

  make check

to run the testsuite. Tests are run inside network namespaces and do not

interfere with the host's running firewalld. They can also be run in parallel

by passing flags to autotest.

  make check TESTSUITEFLAGS="-j4"

The testsuite also uses keywords to allow running a subset of tests that

exercise a specific area.

For example:

  make check TESTSUITEFLAGS="-k rich -j4"

   24: rich rules audit                                ok

   25: rich rules priority                             ok

   26: rich rules bad                                  ok

   53: rich rules audit                                ok

   23: rich rules good                                 ok

   55: rich rules bad                                  ok

   74: remove forward-port after reload                ok

You can get a list of tests and keywords

  make -C src/tests check TESTSUITEFLAGS="-l"

Or just the keywords

  make -C src/tests check TESTSUITEFLAGS="-l" \

    |awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \

    |tr ' ' '\n' |sort |uniq

There are integration tests. Currently this includes NetworkManager. These may

be _destructive_ to the host. Run them in a disposable VM or container.

    make check-integration

There is also a check-container target that will run the testsuite inside

various podman/docker containers. This is useful for coverage of multiple

distributions. It also runs tests that may be destructive to the host such as

integration tests.

  make check-container TESTSUITEFLAGS="-j4"

RPM package

-----------

For Fedora and RHEL based distributions, there is a spec file in the source

repo named firewalld.spec. This should be usable for Fedora versions >= 16 and

RHEL >= 7.

Links

-----

Homepage:          http://firewalld.org

Report a bug:      https://github.com/firewalld/firewalld/issues

Git repo browser:  https://github.com/firewalld/firewalld

Git repo:          https://github.com/firewalld/firewalld.git

Documentation:     http://firewalld.org/documentation/

Mailing lists

-------------

For usage:         https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/

For development:   https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/

Directory Structure

-------------------

config/                 Configuration files

config/icmptypes/       Predefined ICMP types

config/services/        Predefined services

config/zones/           Predefined zones

config/ipsets/          Predefined ipsets

doc/                    Documentation

doc/man/                Base directory for man pages

doc/man/man1/           Man(1) pages

doc/man/man5/           Man(5) pages

po/                     Translations

shell-completion/       Base directory for auto completion scripts

src/                    Source tree

src/firewall/           Import tree for the sevice and all applications

src/icons/              Icons in the sizes: 16, 22, 24, 32, 48 and scalable

src/tests/              Testsuite