Firewalld 1.0 Released With Big Improvements

Firewalld was started by Red Hat a decade ago for managing Linux firewall functionality with Netfilter. Ten and a half years after the first release, Firewalld 1.0 was released this afternoon.

Firewalld 1.0 comes with breaking changes including dropping of Python 2 support, other dependency changes, support for intra-zone forwarding by default, NAT rules being moved to the inet family, the default target now being similar to reject, deprecating the older IPTables back-end, and more.

Read more

Firewalld 1.0 Firewall Management Tool is Here...

  • Firewalld 1.0 Firewall Management Tool is Here with Big Improvements

    Ten years after its first release, Firewalld reached version 1.0. The biggest change is removing Python 2 support.

    Firewalld is a front-end controller for iptables and nftables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions. The name Firewalld adheres to the Unix convention of naming system daemons by appending the letter “d”.

    Firewalld is easier to manage and configure than iptables. It offers a very flexible way to handle the firewall management compared to iptables. There are no long series of chains, jumps, accepts and denies that you need to memorize to get Firewalld up and running. It manages rulesets dynamically, allowing updates without breaking existing sessions and connections. Changes can be done immediately in the runtime environment. No restart of the service or daemon is needed.

Firewalld 1.0: Red Hat modernizes firewall configuration...

  • Firewalld 1.0: Red Hat modernizes firewall configuration on Linux

    Many 0.xx versions of Firewalld have accumulated over the years. With version 1.0 of the tool for network firewall configuration under Linux, Red Hat is now cutting old threads and reducing dependencies. The new version is no longer compatible with Python 2. In addition, the project declares Direct Interface and the iptables backend to be out of date. We have also said goodbye to the tftp client service.

    The upcoming release also raises intra-zone forwarding to the standard. By moving the NAT rules to the inet family, the rule set is reduced. The default target is now similar to reject. ICMP blocks and block reversal are now only valid for input and not for forwarding. CleanupModulesOnExit is set to no by default and kernel modules are not unloaded.

More in Tux Machines

From ‘guix environment’ to ‘guix shell’

There are times when what looked like the right design choice some years back comes out as an odd choice as time passes. The beloved guix environment tool is having that fate. Its command-line interface has become non-intuitive and annoying for the most common use cases. Since it could not be changed without breaking compatibility in fundamental ways, we devised a new command meant to progressively replace it; guix shell—that’s the name we unimaginatively ended up with—has just landed after a three-week review period, itself a followup to discussions and hesitations on the best course of action. This post introduces guix shell, how it differs from guix environment, the choices we made, and why we hope you will like it. Read more

SUSE/OpenSUSE: Digest of YaST Development Sprints, SUSE Linux Enterprise Micro 5.1, and Documentation by Meike Chabowski

  • Digest of YaST Development Sprints 133 & 134

    Let us start by quoting our latest report: “regarding the management of users, we hope to report big improvements in the next blog post”. Time has indeed come and we can now announce we brought the revamped users management described in this monographic blog post to the last parts of YaST that were still not taking advantage of the new approach. The changes are receiving an extra round of testing with the help of the Quality Assurance team at SUSE before we submit them to openSUSE Tumbleweed. When that happens, both the interactive YaST module to manage users and groups and its corresponding command line interface (not to be confused with the ncurses-powered text mode) will start using useradd and friends to manage users, groups and the related configurations.

  • SUSE Linux Enterprise Micro 5.1 is Generally Available

    Today, we are proud to announce the release of SUSE Linux Enterprise Micro 5.1 – a lightweight and secure operating system built for containerized and virtualized workloads. [...] SLE Micro can be used as a single-node container host, Kubernetes cluster node, single-node KVM virtualization host or in public cloud. Since it's built to scale, customers can incorporate SLE Micro into their digital transformation plans – whether at the edge or supporting edge deployments with mainframes – in a way that allows them to transition workload designs from monolithic to microservices, at their own pace. They can start with container workloads or virtualize their current legacy workloads, then move to containerized workloads when they are ready, with no change in the underlying system platform.

  • SUSE Expands Computing Possibilities Beyond the Edge with SUSE Linux Enterprise Micro 5.1
  • Document formats – There is choice [Ed: Meike Chabowski on formats of documentation files in SUSE]

    For publishing large documentation projects, DocBook is the ideal framework. It consists of a language (DocBook XML) and a set of stylesheets to translate this language into different output formats such as HTML, PDF, and EPUB. The stylesheets define the layout you want to apply when transforming the XML sources into output formats. For SUSE documentation, we wrote our own XSLT stylesheets to ensure the corporate design is properly reflected. The language DocBook XML is based on the eXtensible Markup Language (XML) and defines the content in a semantic way through elements like in HTML. DocBook itself is written as a schema that defines the element names and the content and where they can appear. The DocBook schema is used to fulfill two tasks: guided editing and validation. Guided editing is done via an XML editor (such as oXygen, Vim or Emacs). The editor reads in the DocBook schema and suggests which elements are allowed in the current context. Validation gives hints about structural errors in an XML document; this could, for example, be a missing element.

Authelia: Open-source SSO Single Sign-on for enterprise

Single Sign-on (SSO) is a technology that combines several app login screens into one single login. In contrast, it offers a session and user authentication service for a user to use a single login for many apps. Let us take Google as an example: as soon as you log in to your Google Gmail account, you have access to all Google services like Google Calendar, Google Drive, Developer account, YouTube, Google Play Store, and other services. Read more

OVPN-Admin is a Simple Web UI to Manage OpenVPN Users

OVPN-Admin makes the administration of OpenVPN users, their certificates and routes quick and easy by using a convenient web-based UI. OpenVPN is one of the most popular VPN protocols among VPN users. It’s both – a VPN protocol and software that uses VPN techniques to secure point-to-point and site-to-site connections. OpenVPN is an open source and free VPN option for those looking to protect their privacy. It uses the TLS/SSL protocol for key exchange and can travel through firewalls and NATs (Network Address Translators). However, the administration of the OpenVPN users requires a certain level of skill with the Linux command line. Read more