< Features
(Created page with "= firewalld Rich Language = == Summary == This feature adds a high level language to firewalld, that allowes to easily create complex firewall rules without the knowledge of ...") |
No edit summary |
||
| Line 2: | Line 2: | ||
== Summary == | == Summary == | ||
This feature adds a high level language to firewalld, that | This feature adds a rich (high level) language to firewalld, that allows to easily create complex firewall rules without the knowledge of iptables syntax. | ||
== Owner == | == Owner == | ||
| Line 14: | Line 14: | ||
== Detailed Description == | == Detailed Description == | ||
Curretnly, complex firewall rules can only be added using the direct interface of firewalld. But this requires to know the syntax of iptables and the rules are not permanent. | |||
With the rich language more complex firewall rules can be created in an easy to understand way. The language will use keywords with values. | With the rich language more complex firewall rules can be created in an easy to understand way. The language will use keywords with (sometimes multiple) values and will be an abstract representation of ip*tables and ebtables rules. Services and zones can be configured using this language, the current configuration will still be supported. | ||
The configuration with files will be available for Fedora 19. The D-BUS interface should be | A mixture of the old and new configuration of services and zones might be possible, but this needs to be verified. With the possibility to use the rich language in services and zones, the configuration will also be permanent. | ||
The configuration with files will be available for Fedora 19. The D-BUS interface with the command line client should be finished, but this depends on Fedora 19 schedule. UI work will most likely be available later (depends on Fedora 19 schedule also). | |||
== Benefit to Fedora == | == Benefit to Fedora == | ||
More powerful and easier firewall configuration. | |||
== Scope == | == Scope == | ||
| Line 27: | Line 29: | ||
== How To Test == | == How To Test == | ||
Create firewall rules using the rich language. | Create firewall rules using the rich language in services and zones. More to come. | ||
== User Experience == | == User Experience == | ||
Users will be able to easily create more powerful and also permanent firewall configurations. | |||
== Dependencies == | == Dependencies == | ||
| Line 36: | Line 38: | ||
== Contingency Plan == | == Contingency Plan == | ||
Only users of the new language | Disabling or reverting of the feature should be easy as it will be created as an addition to the current configuration. Only users of the new language will be affected. | ||
== Documentation == | == Documentation == | ||
This will be added with feature progress. | |||
== Release Notes == | == Release Notes == | ||
Fedora 19 includes the latest firewalld version that supports a rich language to be able to create | Fedora 19 includes the latest firewalld version that supports a rich language to be able to create more complex firewalls in a easy way. | ||
== Comments and Discussion == | == Comments and Discussion == | ||
Revision as of 14:58, 29 January 2013
firewalld Rich Language
Summary
This feature adds a rich (high level) language to firewalld, that allows to easily create complex firewall rules without the knowledge of iptables syntax.
Owner
- Name: Thomas Woerner
- Email: twoerner@redhat.com
Current status
- Targeted release: Fedora 19
- Last updated: 2013-02-28
- Percentage of completion: 10%
Detailed Description
Curretnly, complex firewall rules can only be added using the direct interface of firewalld. But this requires to know the syntax of iptables and the rules are not permanent.
With the rich language more complex firewall rules can be created in an easy to understand way. The language will use keywords with (sometimes multiple) values and will be an abstract representation of ip*tables and ebtables rules. Services and zones can be configured using this language, the current configuration will still be supported.
A mixture of the old and new configuration of services and zones might be possible, but this needs to be verified. With the possibility to use the rich language in services and zones, the configuration will also be permanent.
The configuration with files will be available for Fedora 19. The D-BUS interface with the command line client should be finished, but this depends on Fedora 19 schedule. UI work will most likely be available later (depends on Fedora 19 schedule also).
Benefit to Fedora
More powerful and easier firewall configuration.
Scope
Only needs changes in firewalld and it's components.
How To Test
Create firewall rules using the rich language in services and zones. More to come.
User Experience
Users will be able to easily create more powerful and also permanent firewall configurations.
Dependencies
None.
Contingency Plan
Disabling or reverting of the feature should be easy as it will be created as an addition to the current configuration. Only users of the new language will be affected.
Documentation
This will be added with feature progress.
Release Notes
Fedora 19 includes the latest firewalld version that supports a rich language to be able to create more complex firewalls in a easy way.