
firewalld nightmares



firewalld is closely tied to network manager.  i started a bug, but the ebuild is buggy enough to warrant moving the discussion here.

https://bugs.funtoo.org/browse/FL-2327

 

these are the first steps to getting the package running.  firewalld doesn't require dropping connections and entirely resetting the firewall to update rules; it's the default in fedora & centos.  i think it's going to require some de-systemding.  i haven't worked on it further yet...  last night i spent about 2 hours on this issue.  tonight i'll probably spend another 2 tracking down its shortcomings.  i don't need replies, i just need to track what updates i'm making to have it become funtoo friendly.

 

 

http://www.firewalld.org/download/

 

0.2.12 doesn't like me...  let's try 0.3.13, time to dig into ebuilding docs.  0.3.13 works with ./configure && make && sudo make install! =D

 

so i found a firewalld ebuild for 0.3.10, how do i set up local overlays so i can tweak this to latest?

 

==== new day ====

system-config-firewall is a dependency of firewalld...  1) this program doesn't like python 3 at all...  2) under python 2.7 it wants to write its iptables configurations to /etc/sysconfig/iptables & /etc/sysconfig/ip6tables....

 

whoa, system-config-firewall is a gui app. it does a good job setting things for iptables (in the wrong directory =)

 

https://fedoraproject.org/wiki/SystemConfig/firewall

 

 

 

https://fedoraproject.org/wiki/Features/firewalld-default#Dependencies

 

root@spaceball-1 /home/mkultra/overlays/testing/system-config-firewall-1.2.29 # iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

 

unfortunately ufw is 1000x as effective as this.  it's seriously letting everything through, not stopping much.
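
Added example, not part of the original post: `iptables -L -n` without `-v` does not print interface matches, so a line reading `ACCEPT all -- 0.0.0.0/0 0.0.0.0/0` can be either an unconditional accept or an interface-scoped one such as `-i lo`. The sketch below reads `iptables -S` output, which shows the full rule spec, and reports what happens to a packet that matches no conditional rule in a chain. The function name `effective_default` and the three rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S` output on stdin and prints the verdict a
# packet gets in the named built-in chain when no conditional rule matches it.
# Limitation: jumps to user-defined chains are not followed.
effective_default() {
    awk -v chain="$1" '
        $1 == "-P" && $2 == chain { policy = $3 }   # e.g. "-P INPUT ACCEPT"
        $1 == "-A" && $2 == chain && verdict == "" {
            n++; target = ""; conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                conditional = 1                     # some match precedes -j
            }
            # First rule with no match criteria and a terminal target decides
            if (!conditional && target ~ /^(ACCEPT|DROP|REJECT)$/)
                verdict = target " rule " n
        }
        END { print (verdict != "" ? verdict : (policy != "" ? policy : "unknown") " policy") }
    '
}

# Constructed rule sets. All three begin with the same two lines when listed
# with `iptables -L -n`, because that view omits the interface column.
UNCONDITIONAL='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT'
LOOPBACK_ONLY='-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT'
LOOPBACK_REJECT="$LOOPBACK_ONLY
-A INPUT -j REJECT --reject-with icmp-host-prohibited"

for rules in "$UNCONDITIONAL" "$LOOPBACK_ONLY" "$LOOPBACK_REJECT"; do
    printf '%s\n' "$rules" | effective_default INPUT
done
# On a live host, as root: iptables -S | effective_default INPUT
```

A result of `ACCEPT rule N` or `ACCEPT policy` means unmatched inbound traffic is let through; `DROP` or `REJECT` means the chain is default-deny.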
