On Wed, Mar 17, 2021 at 8:46 AM Eric Garver <egarver(a)redhat.com> wrote:
On Wed, Mar 17, 2021 at 07:56:07AM -0400, Neal Gompa wrote:
> Hey all,
> With the release of Mageia Linux 8, I wanted to highlight something
> that may be interesting to the FirewallD community: the introduction
> of a new tool by Mageia's ManaTools team: ManaFirewall.
> The ManaFirewall tool is a rewrite of the drakfirewall tool that has
> been part of the Mandriva/Mageia Control Center for decades. The old
> tool was written in Perl and used Shorewall, this new one is written
> in Python 3 and uses FirewallD. Additionally, since it uses the
> ManaTools application framework, it automatically has Qt5, GTK3,
> and ncurses based UIs through its usage of the libyui library from
> the folks at SUSE along with Mageia's extensions.
> In addition to being available for Mageia Linux 8, I have also brought
> it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built
> it for Fedora 34 and Rawhide, and submitted it as an update for Fedora
Thanks for also making it available in Fedora!
> The ManaFirewall tool is relatively new and the functionality isn't to
> the same level as firewall-config yet, but the long-term goal is to
> reach feature parity and provide a comfortable experience managing
> FirewallD regardless of environment (desktop or server).
I'm very happy to see this. The current firewall-config GUI is not
fantastic and I simply don't have time to work on it. I really like that
it has multiple toolkit support, especially ncurses.
I have a couple questions:
1. Why a new UI instead of contributing to firewall-config?
- Is it for a native to Mageia feel?
The main reason was that firewall-config is GTK only, and a
requirement for Mageia is that new tools need to work across all
desktops and headless environments. Mageia *does* package
firewall-config, but it's not appealing to integrate when the primary
desktop is KDE Plasma (which is Qt5). I knew there were attempts in
the past to write a Qt5 version of the UI, so I hoped this would be
well-received as an alternative to firewall-config for those who
prefer a UI that fits in better with different desktops.
2. Do you plan to support policy objects  ?
- this would make it the first and only GUI to support them
I don't see why not. The UI currently mimics firewall-config as a
starting point, but adding new features like this would be very
appealing. Angelo (the main developer, who I CC'd to this email) would
likely need some help to understand the feature. If you could hang out
in the IRC channel and be willing to answer questions, it could
probably get done relatively soon. :)
3. Any thing missing that you need to support the new GUI?
- if so, please file enhancement requests on github
Something that has come up that was a bit annoying is that all D-Bus
APIs are privileged, rather than just the "write" APIs. Reading the
firewall state should work without triggering a polkit dialog. I think
Rex Dieter (who I CC'd to this email) was working on writing a polkit
policy to fix this for Plasma Firewall, which would also benefit
> If anyone is interested in contributing to helping make this a
> reality, they are very welcome! The ManaTools team is available on the
> #manatools IRC channel on Freenode.
If you are interested, a post about manafirewall on the firewalld blog
would be great. Just submit a pull request  and I'll review/merge.
I certainly will do that! :)
Thanks for all the hard work!
Thank you for being so supportive!
真実はいつも一つ！/ Always, there's only one truth!