
firewall zones configuration for the network interfaces

Open potula-chandra opened this issue 9 years ago • 2 comments

Listing the firewall zones and giving the end user the option of configuring the firewall zone for the network interface would be a good-to-have feature.

Zone management:

Also, a new concept of zone appears: all network interfaces can be located in the same default zone or divided into different ones according to the levels of trust defined.

To get the default zone, type:

firewall-cmd --get-default-zone

public

To get the list of zones where you’ve got network interfaces assigned to, type:

firewall-cmd --get-active-zones

public
  interfaces: eth0

To get the list of all the available zones, type:

firewall-cmd --get-zones

block dmz drop external home internal public trusted work

To get all the details about the public zone, type:

firewall-cmd --zone=public --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

potula-chandra avatar Jan 03 '16 10:01 potula-chandra

At first glance firewall-cmd isn't available for Ubuntu, so this feature would be Fedora/RHEL only.

Make sure to implement the is_feature_available API properly. Actually we should've done that with the cfginterfaces model already ...

— Reply to this email directly or view it on GitHub https://github.com/kimchi-project/ginger/issues/107.

danielhb avatar Jan 03 '16 11:01 danielhb
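
The two pieces discussed in this thread, sketched as an added example that is not taken from the Ginger code base: a feature check that keeps the zone model off hosts without firewall-cmd, and a parser that turns `firewall-cmd --get-active-zones` output into a zone-to-interface mapping. The function names, the constructed sample output and its multi-line layout (zone name on one line, indented `interfaces:` / `sources:` lines below it) are assumptions.

```python
import shutil
import subprocess


def is_feature_available():
    """Hypothetical stand-in for the plugin's feature check: True only
    when the firewall-cmd binary is on PATH."""
    return shutil.which("firewall-cmd") is not None


def parse_active_zones(text):
    """Parse `firewall-cmd --get-active-zones` output into
    {zone: {"interfaces": [...], "sources": [...]}}."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # Unindented line opens a zone block; first token is its name.
            current = line.split()[0]
            zones[current] = {"interfaces": [], "sources": []}
        elif current is not None:
            # Split on the first colon only, so IPv6 sources survive.
            key, _, value = line.strip().partition(":")
            if key in zones[current]:
                zones[current][key] = value.split()
    return zones


def zone_of(iface, zones, default_zone):
    """Zone an interface is assigned to, else the default zone."""
    for name, info in zones.items():
        if iface in info["interfaces"]:
            return name
    return default_zone


def run(*args):
    """Run firewall-cmd with a fixed argument list (no shell involved)."""
    return subprocess.run(["firewall-cmd", *args], check=True,
                          capture_output=True, text=True).stdout


# Constructed sample output, not captured from a real host.
SAMPLE = ("public\n  interfaces: eth0\n"
          "internal\n  interfaces: eth1 eth2\n  sources: 192.0.2.0/24\n")

if __name__ == "__main__":
    live = is_feature_available()
    text = run("--get-active-zones") if live else SAMPLE
    default = run("--get-default-zone").strip() if live else "public"
    print(parse_active_zones(text), default)
```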

I'll have a crack at this when I have the chance.

If anyone is in a rush for this, let me know and I'll reassign the issue.

danielhb avatar Jul 07 '16 14:07 danielhb