Feature changed by: Karl Cheng (qantas94heavy)
Feature #318356, revision 11
Title: Add firewalld and YaST support to openSUSE
- openSUSE Distribution: New
+ openSUSE Distribution: Done
Priority
Requester: Desirable
Requested by: Mathias Homann (lemmy04)
Partner organization: openSUSE.org
Description: firewalld provides a dynamic firewall that can handle iptables, ip6tables and ebtables based on the connections saved in NetworkManager. With firewalld the firewall configuration can be changed "on the fly" without having to reload the whole firewall tables. Firewalld is particularly useful for computers with highly volatile network setups, i.e. mobile hardware (laptops) or virtualization hosts. It would be desirable to add firewalld as an alternative to SuSEfirewall2 for users that want it. Apart from the firewalld package itself, it's necessary to add firewalld support to YaST2 so modules can manipulate ports and services just as happens with SuSEfirewall2 at the moment. Finally, it's also necessary to enhance the yast2-firewall module to provide some support for firewalld. The UI can be replaced by firewall-config, which is shipped in the upstream code. As a result, it will not be possible to provide ncurses UI support. The alternative to the firewall-config GTK UI would be the regular yast2 command line interface.
Test Case:
Test case: I have been using firewalld from home:lemmy04:firewalld for a couple of months now to no ill effect.
Test case 2: firewalld in its current version is the default firewall subsystem in Fedora and RHEL7...
Use Case: In NetworkManager you can define, for each stored connection, which firewall zone will be used for the interface when that connection is active. Best use case for this: the wireless interface on a laptop of someone who travels a lot.
Business case (Partner benefit): openSUSE.org: SuSEfirewall2 is static and according to its developer not actively developed anymore. Also, current network setups can easily call for more than three zones, which firewalld provides by default.
Discussion:
#1: Mustafa Muhammad (mustafa_muhammad) (2015-01-20 13:50:33)
I think this is a really important feature to have. I tried openSUSE on a server last week and I struggled with the firewall. I think firewalld is more flexible and user friendly than SuSEfirewall; I use it on Fedora and CentOS.
#2: Markos Chandras (markoschandras) (2016-02-26 11:17:30)
Hi, this is now in openSUSE Tumbleweed. The devel project is here: https://build.opensuse.org/package/show/security:netfilter/firewalld
#3: Michal Papis (mpapis) (2016-04-16 14:04:59)
Here is a tutorial on what I had to do to enable proper zeroconf configuration; most of it was switching to firewalld :( http://niczsoft.com/2016/04/zeroconf-on-opensuse/
#4: Karl Cheng (qantas94heavy) (2016-11-16 08:14:21)
firewalld has now been added to the main repositories for Leap 42.2 and Tumbleweed, but I don't think there's been any work on YaST integration yet (not familiar with firewalld though).
#5: Jose Roberto Alas (cheperobert) (2017-09-11 19:26:43)
Firewalld is very interactive and powerful. I think it would look great if it were in YaST. I am using it in CentOS and I have seen that it works very well.