User:Wjn/Firewalld

From Gentoo Wiki

firewalld is a firewall service daemon with a D-Bus interface.

Official site

prerequisites

packages

These packages are necessary:

  • net-firewall/iptables[ipv6]
  • net-firewall/ebtables
  • net-firewall/ipset

Note: net-firewall/ipset can provide a kernel module as well as the command. If the package is built without the modules USE flag (net-firewall/ipset[-modules]), the ip_set modules must be provided by the Linux kernel itself.

kernel configuration

I haven't investigated closely, but these modules are automatically loaded on my system.

  • ebtable_broute
  • ebtable_filter
  • ebtable_nat
  • ebtables
  • ip6_tables
  • ip6t_REJECT
  • ip6t_rpfilter
  • ip6table_filter
  • ip6table_mangle
  • ip6table_raw
  • ip_set
  • ip_tables
  • ipt_REJECT
  • iptable_filter
  • iptable_mangle
  • iptable_nat
  • iptable_raw
  • nf_conntrack
  • nf_conntrack_broadcast
  • nf_conntrack_ipv4
  • nf_conntrack_ipv6
  • nf_conntrack_netbios_ns
  • nf_defrag_ipv4
  • nf_defrag_ipv6
  • nf_nat
  • nf_nat_ipv4
  • nf_reject_ipv4
  • nf_reject_ipv6
  • nfnetlink
  • x_tables
  • xt_CT
  • xt_conntrack
  • xt_tcpudp

services

  • rc-service firewalld start or systemctl start firewalld
  • rc-update add firewalld default or systemctl enable firewalld

debug

  • Logs are at /var/log/firewalld
  • Run iptables -L -n, ip6tables -L -n and ebtables -L
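
An added example (not from this wiki page and not part of firewalld): a POSIX shell check that the netfilter modules firewalld relies on are either loaded or built into the kernel, so a missing module is caught before the rule dumps above are inspected. It assumes the /proc/modules and modules.builtin file formats; REQUIRED_MODULES holds a subset of the module list above and can be extended with the rest.

```shell
#!/bin/sh
# Added example, not from the wiki page or the firewalld project.
# Verifies that the netfilter modules firewalld needs are either loaded
# (/proc/modules format) or compiled into the kernel (modules.builtin format).

# Subset of the modules listed on the page; extend with the full list as needed.
REQUIRED_MODULES="ip_tables ip6_tables ebtables ip_set nf_conntrack nf_nat x_tables xt_conntrack ipt_REJECT ip6t_REJECT"

# module_known NAME LOADED BUILTIN -> exit 0 if NAME is loaded or built in.
module_known() {
    name=$1; loaded=$2; builtin_list=$3
    # /proc/modules: the first field of each line is the module name.
    if printf '%s\n' "$loaded" | awk -v m="$name" '$1 == m { f = 1 } END { exit f ? 0 : 1 }'; then
        return 0
    fi
    # modules.builtin: one path per line, e.g. kernel/net/netfilter/x_tables.ko.
    # File names may use '-' where the module name uses '_', so normalise both.
    printf '%s\n' "$builtin_list" | sed 's#.*/##; s/\.ko$//; s/-/_/g' | grep -qx "$name"
}

# missing_modules LOADED BUILTIN -> prints the required modules found in neither list.
missing_modules() {
    for m in $REQUIRED_MODULES; do
        module_known "$m" "$1" "$2" || printf '%s\n' "$m"
    done
}

# check_live -> runs the check against this machine. Assumption: the kernel
# exposes /proc/modules and /lib/modules/$(uname -r)/modules.builtin.
check_live() {
    builtin_file="/lib/modules/$(uname -r)/modules.builtin"
    loaded=$(cat /proc/modules 2>/dev/null)
    builtin_list=$(cat "$builtin_file" 2>/dev/null)
    missing=$(missing_modules "$loaded" "$builtin_list")
    if [ -n "$missing" ]; then
        printf 'missing netfilter modules:\n%s\n' "$missing"
        return 1
    fi
    echo "all required netfilter modules are available"
}

# Run the live check only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

Run it as `sh check-modules.sh --live`; a non-zero exit with the printed list points at a module that must be enabled in the kernel configuration.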

GUI interface

firewalld version 0.4.4 or later depends on GTK+:3 and PyQt5. Older versions depend on GTK+:3 and PyQt4.

firewalld vs ufw

  • firewalld is used in RHEL/CentOS 7. ufw is used in Ubuntu.
  • firewalld is much more functional.
  • ufw is very simple. It's for newbies.

I prefer executing iptables directly to executing ufw.