From Fedora Project Wiki

(updating firewalld notes)
(NM mobile broadband)
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{header|docs}}
{{header|docs}}
{{Docs_beat_open}}
{{Docs_beat_open}}
= federated VOIP=


== Consistent network device naming ==
= Improved Mobile Broadband Support =
Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.


Fedora 18 continues previous releases' use of '''biosdevname''' to set network device names in a deterministic manner. Ethernet ports embedded on server motherboards will be named <code>em<port_number></code>, while ports on PCI cards will be named <code>p<slot_number>p<port_number></code>, corresponding to the chassis labels. This feature may be disabled by passing <code>"biosdevname=0"</code> on the kernel command line, in which case, behavior will revert to using ethX names.  
Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .


== better network security with firewalld ==
= firewalld =
'''firewalld''' will be the default firewall solution for Fedora 18, replacing '''iptables'''.  Using '''firewalld'''will allow for application of policy changes without reloading, allowing connection states to stay unbroken when rules are changed. A D-BUS interface allows approved applications to communicate status and present complex or temporary needs to the firewall without requiring hand configuration by an administrator. This improves support for dynamic environments like libvirtd. Manual administration can be done with firewall-cmd. Documentation on firewalld can be found in the included manpages, firewall-cmd(1), firewalld(1), firewalld.conf(5), firewalld.icmptype(5), firewalld.service(5), firewalld.zone(5).
== locking the firewall ==
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->


== Team Driver improves NIC bonding ==
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
Fedora 18 includes Team Driver which provides a possibility to team multiple network interfaces together so they act like a single network interface. This extends teaming possibilities provided by existing bonding driver. It also provides userspace driven, modular alternative to bonding driver. Usage information can be found in man teamd.conf(5), man teamd(8), and man teamdctl(8).
 
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
<whitelist>
<command name="/usr/bin/python /usr/bin/firewall-cmd"
</whitelist>
 
The firewall must be reloaded to refresh the whitelist:
firewall-cmd --reload
 
== configuring the firewall ==
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
 
= BIND10 =
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
 
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
= stable network interface naming =
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
 
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .


[[Category:Docs Project]]
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
[[Category:Documentation beats]]

Revision as of 20:08, 15 April 2013

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer

federated VOIP

Improved Mobile Broadband Support

Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.

Many devices will connect and authenticate using the NetworkManager GUI. nm-cli has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .

firewalld

locking the firewall

Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.

To lock down the firewall, set Lockdown=yes in /etc/firewalld/firewalld.conf

Whitelist definitions are kept in /etc/firewalld/lockdown-whitelist.xml. This example whitelist allows firewall-cmd to configure the firewall: 

<whitelist>
<command name="/usr/bin/python /usr/bin/firewall-cmd"
</whitelist>

The firewall must be reloaded to refresh the whitelist: 

firewall-cmd --reload

configuring the firewall

Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .

BIND10

The latest versions of the popular nameserver bind and dhcp server dhcpd server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for named and SQL backend for dhcpd.

For more information, consult the bind10 manual at http://bind10.isc.org/docs/bind10-guide.html .

stable network interface naming

The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in /etc/system/network-scripts, although in most cases biosdevname will continue to manage naming.

For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .

Retrieved from "https://fedoraproject.org/w/index.php?title=Documentation_Networking_Beat&oldid=330959"