Announcement: firewalld as a container
Hi,

With firewalld 1.1.0, upstream additionally released a firewalld container. Besides some other bigger problems at the beginning, this container comes with its own dbus daemon, which means podman, NetworkManager, wicked and other tools cannot communicate with firewalld and will most likely mess up the system with their own iptables rules.

So I thought about how this could be done better, and here it is, my firewalld container. It still contains a dbus daemon (firewalld RPM requires that...), but works with the system dbus daemon:

  https://github.com/thkukuk/firewalld-container/

The container image can be found here:

  registry.opensuse.org/home/kukuk/container/firewalld

I use runlabel to install the required files:

  podman container runlabel install registry.opensuse.org/home/kukuk/container/firewalld

Most likely you have to restart polkit afterwards, if you are using it. MicroOS does not install polkit by default, so no issue there.

Run it:

  podman container runlabel run registry.opensuse.org/home/kukuk/container/firewalld

or use "systemctl start firewalld".

And if you want to get rid of it again:

  podman container runlabel uninstall registry.opensuse.org/home/kukuk/container/firewalld

Bear with me, it's the first time I use runlabel. I'm more than happy about any remarks or improvements.

And after two days of testing, I'm so confident in it that I will deploy it on my production systems in the next days :)

  Thorsten

--
Thorsten Kukuk, Distinguished Engineer, Senior Architect
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany
Managing Director: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman
(HRB 36809, AG Nürnberg)