Documentation Networking Beat
(NM mobile broadband)
|(One intermediate revision by one user not shown)|
|Line 1:||Line 1:|
= firewalld =
= firewalld =
Revision as of 20:08, 15 April 2013
Improved Mobile Broadband Support
Fedora 19 includes a new, more capable version of ModemManager for interacting with mobile broadband devices. This version provides better support for multi-mode devices like Qualcomm Gobi WWAN cards and other devices that support both CDMA/EVDO/LTE and/or GSM/UMTS/LTE simultaneously. To provide this support, the D-Bus API of ModemManager has changed, which may require updates in applications that interact with ModemManager to control WWAN devices.
Many devices will connect and authenticate using the NetworkManager GUI. `nm-cli` has added features to configure mobile connections. For more detailed usage information, consult http://fedoraproject.org/wiki/Features/MoreMobileBroadband .
locking the firewall
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
<whitelist> <command name="/usr/bin/python /usr/bin/firewall-cmd" </whitelist>
The firewall must be reloaded to refresh the whitelist:
configuring the firewall
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
The latest versions of the popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
stable network interface naming
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .