[release-notes] Added ModemManager and firewalld lockdown to Networking beat

Pete Travis immanetize at fedoraproject.org
Thu May 9 06:30:17 UTC 2013 

commit 7b92e7134c6f8edd3ba7069778ce2b7b09c789a0
Author: Pete Travis <immanetize at fedoraproject.org>
Date:   Thu May 9 00:29:06 2013 -0600

    Added ModemManager and firewalld lockdown to Networking beat

 en-US/Networking.xml |   47 ++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 46 insertions(+), 1 deletions(-)
---
diff --git a/en-US/Networking.xml b/en-US/Networking.xml
index 91283c7..61743d0 100644
--- a/en-US/Networking.xml
+++ b/en-US/Networking.xml
@@ -5,6 +5,51 @@
 
 <section>  
   <title>Networking</title>
-  <para />
+  
+  <section>
+    <title>Improved Mobile Broadband support</title>
+    <para>
+      Fedora &PRODVER; includes a new, more capable version of <application>ModemManager</application> for interacting with mobile broadband devices. This version provides better support for multi-mode devices like <productname>Qualcomm Gobi</productname> WWAN cards and and other devices that support the <literal>CDMA/EVDO/LTE</literal> standards, the <literal>GSM/UMTS/LTE</literal> standards, or devices that can support either. To provide this support, the <application>D-Bus</application> API of <application>ModemManager</application> has changed, which may require updates in applications that interact with <application>ModemManager</application> to control WWAN devices.
+    </para>
+    <para>
+      Many devices will connect and authenticate using the <application>NetworkManager</application> GUI. <command>nm-cli</command> has added features to configure mobile connections. For more detailed usage information, consult <ulink url='http://fedoraproject.org/wiki/Features/MoreMobileBroadband' /> .
+    </para>
+  </section>
+
+  <section>
+    <title>firewalld improvements</title>
+    <para>
+      <application>firewalld</application>, introduced as the default firewall solution for Fedora &PREVVER;, adds new features to allow easy configuration of powerful firewalls.
+    </para>
+    <section>
+      <title>Locking the firewall and whitelisting changes</title>
+      <!-- Feature page lists as 80% complete as of 9MAY2013; leaving a limited usage summary for now -->
+      <para>
+        Dynamic firewall configuration by applications can now be locked down completely, or limited to a whitelist. The whitelist can contain commands, users, UIDs, and selinux contexts.
+      </para>
+      <para>
+        To lock down the firewall, set <command>Lockdown=yes</command> in <filename>/etc/firewalld/firewalld.conf</filename> and reload the firewall. 
+        <screen>
+          <command>firewall-cmd --reload</command>
+        </screen>
+        The firewall should be reloaded for any changes to the whitelist to take effect.
+      </para>
+      <para>
+        The whitelist configuration is located in <filename>/etc/firewalld/lockdown-whitelist.xml</filename> and is empty by default. The whitelist below will allow only <command>firewall-cmd</command> to make changes to the firewall. The <emphasis>'*'</emphasis> character allows the rule to match arguments passed to <command>firewall-cmd</command>
+        <screen>
+<![CDATA[        
+<whitelist>
+  <command name="/usr/bin/python /bin/firewall-cmd*" />
+</whitelist>
+]]>
+        </screen>
+      </para>
+      <para>
+        For more information on <application>firewalld</application> lockdown, consult the feature page at <ulink url="http://fedoraproject.org/wiki/Features/FirewalldLockdown" />
+      </para>
+    </section>
+  </section>
+      
+          
 </section>

More information about the docs-commits mailing list