From Fedora Project Wiki

No edit summary
No edit summary
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{header|docs}}
{{header|docs}}{{Docs_beat_open}}
{{Docs_beat_open}}
[[Category:Docs Project]]
= federated VOIP=
[[Category:Draft documentation]]
 
[[Category:Documentation beats]]
= firewalld =
== locking the firewall ==
Dynamic firewall configuration by application can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
<!-- asked for manpages at https://bugzilla.redhat.com/show_bug.cgi?id=952364 -->


To lock down the firewall, set `Lockdown=yes` in `/etc/firewalld/firewalld.conf`
-- https://git.fedorahosted.org/cgit/initscripts.git/log/?showmsg=1 reviewed as of [[User:Immanetize|Pete Travis]] ([[User talk:Immanetize|talk]]) 19:14, 1 May 2014 (UTC)
* from initscripts:
  Currently, team masters and slaves are supported
  via ifup-Team* and ifdown-Team* scripts shipped in
  teamd package. It uses somehow ugly workaround where
  user have to specify DEVIVETYPE to "Team" or "TeamPort".
  This turned out to be non-optimal solution as this is
  confusing users. Also it does not work when TYPE is set.
  So fix this by adding the team support hooks directly
  into initscripts. Now for team port, user needs only to set:
  TEAM_MASTER="teamx" and for team master, user needs only to set:
  TEAM_CONFIG="...whatever..."
  Signed-off-by: Jiri Pirko <jiri@resnulli.us>


Whitelist definitions are kept in `/etc/firewalld/lockdown-whitelist.xml`. This example whitelist allows `firewall-cmd` to configure the firewall:
=== ppp support moved from initsccripts to ppp ===
<whitelist>
"""
<command name="/usr/bin/python /usr/bin/firewall-cmd"
The ppp package contains the PPP (Point-to-Point Protocol) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP (Internet Service Provider) or other organization over a modem and phone line.
</whitelist>
"""


The firewall must be reloaded to refresh the whitelist:
=== initscripts support for bridge prio, aging ===
firewall-cmd --reload
( maybe also NetworkManager supports these? )
 
When using network.servoce, interface definitions in /etc/sysconfig/network-scripts/ for bridges can now include declarations for bridge priority and aging. Use these parameters:
== configuring the firewall ==
Configuring firewalld is now possible using high level, human readable language. firewalld's XML rule definitions make advanced configuration easy. For more information, read the feature page at http://fedoraproject.org/wiki/Features/FirewalldRichLanguage .
 
= BIND10 =
The latest versions of the  popular nameserver `bind` and dhcp server `dhcpd` server are now available for Fedora. The BIND10 suite features include a RESTful configuration API and sqlite database backend for `named` and SQL backend for `dhcpd`.
 
For more information, consult the `bind10` manual at http://bind10.isc.org/docs/bind10-guide.html .
   
   
= stable network interface naming =
  PRIO=<num>
The udevd service has a long history of providing predictable names for block devices and others. Fedora will now also use udev naming for network interfaces by default, providing more reliable interface names on systems with multiple network devices. Alternative naming schemes, such as custom udev rules or biosdevname, will override this default. Users upgrading from previous releases may need to update the device names referenced in `/etc/system/network-scripts`, although in most cases `biosdevname` will continue to manage naming.
* where <num> a number between 0 and 255 is used to determine the relative bridge priority. Useful for applications requiring multiple bridges. See http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/advanced-bridge.html#STP for more details.


For more information, read http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames .
  AGEING=<NUM>
 
* where num is the number of seconds to keep a MAC address in the forwarding database after the last packet received from it. Usually does not need to be modified.
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
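Review bot: the firewalld text ("locking the firewall", "configuring the firewall"), the BIND10 section and the stable network interface naming section appear on only one side of this diff and are absent from the rendered revision, and both revisions carry "No edit summary"; if the lockdown instructions (`Lockdown=yes` in `/etc/firewalld/firewalld.conf`, the `lockdown-whitelist.xml` example, `firewall-cmd --reload`) are being dropped from this beat on purpose, say so in the summary or point to where they moved. In that whitelist example the `<command name="/usr/bin/python /usr/bin/firewall-cmd"` element is never closed, so it is not valid XML as shown. In the initscripts text, "initsccripts" in the ppp heading and "network.servoce" are typos, `DEVIVETYPE` in the quoted commit message looks like a typo for `DEVICETYPE`, and the placeholders should be spelled consistently: `PRIO=<num>` is described with `<num>` while `AGEING=<NUM>` is described with "num".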

Revision as of 19:14, 1 May 2014

Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer

-- https://git.fedorahosted.org/cgit/initscripts.git/log/?showmsg=1 reviewed as of Pete Travis (talk) 19:14, 1 May 2014 (UTC)

  • from initscripts:
 Currently, team masters and slaves are supported 
 via ifup-Team* and ifdown-Team* scripts shipped in 
 teamd package. It uses somehow ugly workaround where
 user has to specify DEVICETYPE to "Team" or "TeamPort". 
 This turned out to be non-optimal solution as this is 
 confusing users. Also it does not work when TYPE is set. 
 So fix this by adding the team support hooks directly 
 into initscripts. Now for team port, user needs only to set: 
 TEAM_MASTER="teamx" and for team master, user needs only to set: 
 TEAM_CONFIG="...whatever..." 
 Signed-off-by: Jiri Pirko <jiri@resnulli.us>

ppp support moved from initscripts to ppp

""" The ppp package contains the PPP (Point-to-Point Protocol) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an ISP (Internet Service Provider) or other organization over a modem and phone line. """

initscripts support for bridge prio, aging

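(Maybe NetworkManager also supports these?)

When using network.service, interface definitions in /etc/sysconfig/network-scripts/ for bridges can now include declarations for bridge priority and aging. Use these parameters:

 PRIO=<num>
  • where <num> is a number between 0 and 255 used to determine the relative bridge priority. Useful for applications requiring multiple bridges. See http://www.tldp.org/HOWTO/BRIDGE-STP-HOWTO/advanced-bridge.html#STP for more details.

 AGEING=<num>
  • where <num> is the number of seconds to keep a MAC address in the forwarding database after the last packet is received from it. Usually does not need to be modified.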