User:Wjn/Firewalld
From Gentoo Wiki
firewalld is a firewall service daemon with a D-Bus interface.
Official site
- Homepage - http://www.firewalld.org/
- GitHub - https://github.com/t-woerner/firewalld
prerequisite
packages
These packages are necessary
- net-firewall/iptables[ipv6]
- net-firewall/ebtables
- net-firewall/ipset
Note: net-firewall/ipset can provide kernel modules as well as the ipset command. If it is built as net-firewall/ipset[-modules], the modules must be provided by the Linux kernel.
kernel configuration
I haven't investigated closely, but these modules are automatically loaded on my system.
- ebtable_broute
- ebtable_filter
- ebtable_nat
- ebtables
- ip6_tables
- ip6t_REJECT
- ip6t_rpfilter
- ip6table_filter
- ip6table_mangle
- ip6table_raw
- ip_set
- ip_tables
- ipt_REJECT
- iptable_filter
- iptable_mangle
- iptable_nat
- iptable_raw
- nf_conntrack
- nf_conntrack_broadcast
- nf_conntrack_ipv4
- nf_conntrack_ipv6
- nf_conntrack_netbios_ns
- nf_defrag_ipv4
- nf_defrag_ipv6
- nf_nat
- nf_nat_ipv4
- nf_reject_ipv4
- nf_reject_ipv6
- nfnetlink
- x_tables
- xt_CT
- xt_conntrack
- xt_tcpudp
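As an added example (not part of the original page), the shell functions below report whether each module in the list above is loaded, built into the kernel, or missing. The function names and the `--check` argument are this example's own; a `missing` result is only a hint, since the list reflects one system.

```shell
#!/bin/sh
# Added example, not from the original page: classify each module from the
# list above as loaded, builtin or missing on the running kernel.

# Module names copied from the page's list.
FIREWALLD_MODULES="
ebtable_broute ebtable_filter ebtable_nat ebtables
ip6_tables ip6t_REJECT ip6t_rpfilter ip6table_filter ip6table_mangle
ip6table_raw ip_set ip_tables ipt_REJECT iptable_filter iptable_mangle
iptable_nat iptable_raw nf_conntrack nf_conntrack_broadcast
nf_conntrack_ipv4 nf_conntrack_ipv6 nf_conntrack_netbios_ns
nf_defrag_ipv4 nf_defrag_ipv6 nf_nat nf_nat_ipv4 nf_reject_ipv4
nf_reject_ipv6 nfnetlink x_tables xt_CT xt_conntrack xt_tcpudp"

# module_state NAME [PROC_MODULES] [MODULES_BUILTIN]
# Prints loaded, builtin or missing; returns 1 only for missing.
# The two file arguments are overridable so the logic can be tested offline.
module_state() {
    name=$1
    proc=${2:-/proc/modules}
    builtin=${3:-/lib/modules/$(uname -r)/modules.builtin}
    # /proc/modules: the first field of each line is the module name.
    if [ -r "$proc" ] &&
       awk -v m="$name" '$1 == m { f = 1 } END { exit !f }' "$proc"; then
        echo loaded; return 0
    fi
    # modules.builtin holds paths such as kernel/net/netfilter/x_tables.ko;
    # file names may use "-" where the module name uses "_".
    if [ -r "$builtin" ] &&
       sed 's|.*/||; s|\.ko.*$||; s|-|_|g' "$builtin" | grep -qx "$name"; then
        echo builtin; return 0
    fi
    echo missing; return 1
}

# Print one line per module; return non-zero if any module is missing.
check_firewalld_modules() {
    rc=0
    for m in $FIREWALLD_MODULES; do
        state=$(module_state "$m" "${1:-}" "${2:-}") || rc=1
        printf '%-26s %s\n' "$m" "$state"
    done
    return $rc
}

# Run the report only when asked, e.g.: sh check-modules.sh --check
if [ "${1:-}" = "--check" ]; then
    check_firewalld_modules
fi
```

Run it with `--check` after starting firewalld; the exit status is non-zero when at least one listed module is neither loaded nor built in.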
services
- rc-service firewalld start or systemctl start firewalld
- rc-update add firewalld default or systemctl enable firewalld
debug
- Logs are at /var/log/firewalld
- Run iptables -L -n, ip6tables -L -n and ebtables -L
GUI interface
firewalld version 0.4.4 or later depends on GTK+:3 and PyQt5. Older versions depend on GTK+:3 and PyQt4.
firewalld vs ufw
- firewalld is used in RHEL/CentOS 7. ufw is used in Ubuntu.
- firewalld is much more functional.
- ufw is very simple. It's for newbies.
I prefer executing iptables directly to executing ufw.