I am trying to make use of firewalld now that I am in F17, but
documentation is slim :).
I have created a zone xml file in /usr/local/lib/firewalld/zones/ and
added some services to /usr/local/lib/firewalld/services/ . I have
then linked them to the appropriate folders in /etc/firewalld.
Even after reloading firewalld, it does not list my new zone when I
issue the command firewall-cmd --get-zones. I have set my interface to
use my new zone in the appropriate /etc/sysconfig/network-scripts
file. Now when I issue firewall-cmd --get-zone-of-interface=eth0 I get
no output, instead of "public," which was the zone it used to receive
If I issue "nmcli -f NAME,DEVICES,ZONE con status" it lists my new
zone, so I guess that is something :).
Am I doing this all wrong?! Thank you for any assistance,

I have been looking at firewalld in Fedora 17 in order to understand how
to convert an iptables command that I use in a script into a firewalld
one. The iptables command that I'm using is:
iptables -I INPUT -p udp -i $INTERFACE --dport 67 -j ACCEPT
With firewall-cmd I can do:
firewall-cmd --add --port=67/udp
But there doesn't seem to be a way for me to specify an interface as well?
As in, I only want to open UDP port 67 on a specific network interface,
not all interfaces.

I'm using Fedora 17 (alpha) at the moment and was interested in testing
out the firewalld. It works so far, but I still have a few questions and
couldn't find much documentation (except for Developers).
*) Why should I change from ip*tables (with the system-config-firewall
front-end) to firewalld as an end-user? So far it seems to me that
without a GUI (I wouldn't count the firewall-applet as a proper GUI) it
is way harder to configure.
*) My home network consists of 2 laptops with Fedora and one MacBook.
I've placed my laptops into the 'home' zone. Now I wanted to share some
files and used samba. I added the service, but next day it didn't work
anymore. Do I really have to enable samba every time I reboot the system
with 'firewall-cmd --add --zone=home --service=samba'? How can I add a
service permanently to a zone? Sorry if that's a stupid question but I
couldn't find anything about that.
*) I really, really love the zone idea. I hope the firewall-config tool,
that is mentioned in the Fedora Feature Page, will be in the repository
*) The firewall-applet doesn't do much at the moment, does it? Shouldn't
the .desktop file be hidden, so it doesn't show up in the Applications
(that's more a package maintainer problem, I guess)?
Well, that's it for now. I will be using it for a while and report bugs
if I stumble over one. So far no problems in standard usage (that means
no network printer, just casual home-user).