firewalld 1.2 release

The release of firewalld 1.2, a dynamically managed firewall implemented as a wrapper over the nftables and iptables packet filters, has been published. Firewalld runs as a background daemon that lets packet-filter rules be changed on the fly over D-Bus, without reloading the whole rule set and without dropping established connections. The project is already used by many Linux distributions, including RHEL 7+, Fedora 18+, and SUSE/openSUSE 15+. The firewalld code is written in Python and distributed under the GPLv2 license.

The firewall is managed with the firewall-cmd utility, which builds rules primarily around named services rather than raw IP addresses, network interfaces and port numbers (for example, to open access to SSH you run "firewall-cmd --add-service=ssh", and to close it again "firewall-cmd --remove-service=ssh"). Note that without --permanent such a change applies only to the running configuration and is lost on the next reload, while with --permanent it is written only to the saved configuration and takes effect on the next reload, so in practice both are usually needed. The firewall-config (GTK) graphical interface and the firewall-applet (Qt) tray applet can also be used to change the configuration. Firewall management through firewalld's D-Bus API is supported by projects such as NetworkManager, libvirt, podman, docker, and fail2ban.
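As an added example (not code from the firewalld project or from the article), the shell helpers below wrap firewall-cmd to open or close a service and then verify the result. They assume firewall-cmd is on PATH and that the caller has the privileges firewalld's D-Bus policy requires (normally root); the FIREWALL_CMD variable, valid_name, fw_set_service and fw_service_state are names chosen here, while the service name "ssh", the zone name "public" and the --add-service/--remove-service/--query-service/--permanent/--zone options are firewall-cmd's own.

```shell
#!/bin/sh
# Added example, not code from the firewalld project: open or close a
# firewalld service with firewall-cmd, applying the change to both the
# runtime and the permanent configuration and verifying the result.
#
# Assumptions: firewall-cmd is on PATH (override with FIREWALL_CMD, e.g. to a
# stub for dry runs) and the caller has the privileges firewalld's D-Bus
# policy requires (normally root). Service names such as "ssh" and zone names
# such as "public" are firewalld's own; the shell functions are ours.

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# firewalld service and zone names are plain identifiers. Rejecting anything
# else keeps typos and shell metacharacters out of the command line.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# fw_set_service ACTION SERVICE [ZONE]   (ACTION is "add" or "remove")
# Without --permanent, firewall-cmd changes only the running rule set and the
# change is lost on reload; with --permanent it changes only the saved
# configuration and takes effect on the next reload. Doing both keeps the two
# in step. With no ZONE, firewall-cmd operates on the default zone.
fw_set_service() {
    action="$1"; service="$2"; zone="${3:-}"
    case "$action" in
        add|remove) ;;
        *) echo "bad action: $action" >&2; return 2 ;;
    esac
    valid_name "$service" || { echo "bad service name: $service" >&2; return 2; }
    zone_arg=""
    if [ -n "$zone" ]; then
        valid_name "$zone" || { echo "bad zone name: $zone" >&2; return 2; }
        zone_arg="--zone=$zone"
    fi
    # $zone_arg is deliberately unquoted: when empty it expands to no word.
    "$FIREWALL_CMD" $zone_arg "--${action}-service=$service" || return 1
    "$FIREWALL_CMD" --permanent $zone_arg "--${action}-service=$service" || return 1
}

# fw_service_state SERVICE [ZONE]: prints "runtime=yes|no permanent=yes|no".
# --query-service exits 0 when the service is enabled in the zone, so the
# exit status is the check; its printed output is not needed.
fw_service_state() {
    service="$1"; zone="${2:-}"
    zone_arg=""
    [ -n "$zone" ] && zone_arg="--zone=$zone"
    if "$FIREWALL_CMD" $zone_arg "--query-service=$service" >/dev/null 2>&1; then
        r=yes
    else
        r=no
    fi
    if "$FIREWALL_CMD" --permanent $zone_arg "--query-service=$service" >/dev/null 2>&1; then
        p=yes
    else
        p=no
    fi
    echo "runtime=$r permanent=$p"
}

# Usage, run as root on a host with firewalld:
#   fw_set_service add ssh public && fw_service_state ssh public
#   fw_set_service remove ssh public && fw_service_state ssh public
```

Applying the change twice is the simplest way to keep runtime and saved state consistent; an alternative after a series of runtime-only changes is "firewall-cmd --runtime-to-permanent", which copies the current runtime configuration into the permanent one. The name check matters because the service name ends up on a command line executed with root privileges.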

Major changes:

  • Added the snmptls and snmptls-trap services for SNMP access over a secure (TLS-protected) channel.
  • Added a service for the protocol used by the decentralized IPFS file system.
  • Added services for gpsd, ident, ps3netsrv, CrateDB, checkmk, netdata, Kodi JSON-RPC and EventServer, Prometheus node-exporter, kubelet-readonly, and a secure variant of the k8s control-plane service.
  • Added a "--log-target" option for selecting where firewalld writes its log.
  • Added a failsafe start mode: if the configured rules cannot be loaded, firewalld falls back to its default configuration instead of leaving the host unprotected.
  • Bash command completion now covers the commands for working with rules.

Source: opennet.ru
