Hey all,
With the release of Mageia Linux 8, I wanted to highlight something that may be interesting to the FirewallD community: the introduction of a new tool by Mageia's ManaTools team: ManaFirewall[1].
The ManaFirewall tool is a rewrite of the drakfirewall tool that has been part of the Mandriva/Mageia Control Center for decades. The old tool was written in Perl and used Shorewall, this new one is written in Python 3 and uses FirewallD. Additionally, since it uses the ManaTools application framework[2], it automatically has Qt5, GTK3, and ncurses based UIs through its usage of the libyui library[3] from the folks at SUSE along with Mageia's extensions[4].
In addition to being available for Mageia Linux 8, I have also brought it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built it for Fedora 34 and Rawhide, and submitted it as an update for Fedora 34[5].
The ManaFirewall tool is relatively new and the functionality isn't to the same level as firewall-config yet, but the long-term goal is to reach feature parity and provide a comfortable experience managing FirewallD regardless of environment (desktop or server).
If anyone is interested in contributing to helping make this a reality, they are very welcome! The ManaTools team is available on the #manatools IRC channel on Freenode.
[1]: https://github.com/manatools/manafirewall [2]: https://github.com/manatools/python-manatools [3]: https://github.com/libyui/libyui [4]: https://github.com/manatools/libyui-mga [5]: https://bodhi.fedoraproject.org/updates/FEDORA-2021-9867a3782a
On Wed, Mar 17, 2021 at 07:56:07AM -0400, Neal Gompa wrote:
Hey all,
With the release of Mageia Linux 8, I wanted to highlight something that may be interesting to the FirewallD community: the introduction of a new tool by Mageia's ManaTools team: ManaFirewall[1].
The ManaFirewall tool is a rewrite of the drakfirewall tool that has been part of the Mandriva/Mageia Control Center for decades. The old tool was written in Perl and used Shorewall, this new one is written in Python 3 and uses FirewallD. Additionally, since it uses the ManaTools application framework[2], it automatically has Qt5, GTK3, and ncurses based UIs through its usage of the libyui library[3] from the folks at SUSE along with Mageia's extensions[4].
In addition to being available for Mageia Linux 8, I have also brought it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built it for Fedora 34 and Rawhide, and submitted it as an update for Fedora 34[5].
Thanks for also making it available in Fedora!
The ManaFirewall tool is relatively new and the functionality isn't to the same level as firewall-config yet, but the long-term goal is to reach feature parity and provide a comfortable experience managing FirewallD regardless of environment (desktop or server).
I'm very happy to see this. The current firewall-config GUI is not fantastic and I simply don't have time to work on it. I really like that it has multiple toolkit support, especially ncurses.
I have a couple questions:
1. Why a new UI instead of contributing to firewall-config? - Is it for a native to Mageia feel?
2. Do you plan to support policy objects [7] ? - this would make it the first and only GUI to support them
3. Any thing missing that you need to support the new GUI? - if so, please file enhancement requests on github
If anyone is interested in contributing to helping make this a reality, they are very welcome! The ManaTools team is available on the #manatools IRC channel on Freenode.
If you are interested, a post about manafirewall on the firewalld blog would be great. Just submit a pull request [6] and I'll review/merge.
Thanks for all the hard work! Eric.
[6]: https://github.com/firewalld/firewalld.github.io [7]: https://firewalld.org/2020/09/policy-objects-introduction
-- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Wed, Mar 17, 2021 at 8:46 AM Eric Garver egarver@redhat.com wrote:
On Wed, Mar 17, 2021 at 07:56:07AM -0400, Neal Gompa wrote:
Hey all,
With the release of Mageia Linux 8, I wanted to highlight something that may be interesting to the FirewallD community: the introduction of a new tool by Mageia's ManaTools team: ManaFirewall[1].
The ManaFirewall tool is a rewrite of the drakfirewall tool that has been part of the Mandriva/Mageia Control Center for decades. The old tool was written in Perl and used Shorewall, this new one is written in Python 3 and uses FirewallD. Additionally, since it uses the ManaTools application framework[2], it automatically has Qt5, GTK3, and ncurses based UIs through its usage of the libyui library[3] from the folks at SUSE along with Mageia's extensions[4].
In addition to being available for Mageia Linux 8, I have also brought it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built it for Fedora 34 and Rawhide, and submitted it as an update for Fedora 34[5].
Thanks for also making it available in Fedora!
The ManaFirewall tool is relatively new and the functionality isn't to the same level as firewall-config yet, but the long-term goal is to reach feature parity and provide a comfortable experience managing FirewallD regardless of environment (desktop or server).
I'm very happy to see this. The current firewall-config GUI is not fantastic and I simply don't have time to work on it. I really like that it has multiple toolkit support, especially ncurses.
I have a couple questions:
- Why a new UI instead of contributing to firewall-config?
- Is it for a native to Mageia feel?
The main reason was that firewall-config is GTK only, and a requirement for Mageia is that new tools need to work across all desktops and headless environments. Mageia *does* package firewall-config, but it's not appealing to integrate when the primary desktop is KDE Plasma (which is Qt5). I knew there were attempts in the past to write a Qt5 version of the UI, so I hoped this would be well-received as an alternative to firewall-config for those who prefer a UI that fits in better with different desktops.
- Do you plan to support policy objects [7] ?
- this would make it the first and only GUI to support them
I don't see why not. The UI currently mimics firewall-config as a starting point, but adding new features like this would be very appealing. Angelo (the main developer, who I CC'd to this email) would likely need some help to understand the feature. If you could hang out in the IRC channel and be willing to answer questions, it could probably get done relatively soon. :)
- Any thing missing that you need to support the new GUI?
- if so, please file enhancement requests on github
Something that has come up that was a bit annoying is that all D-Bus APIs are privileged, rather than just the "write" APIs. Reading the firewall state should work without triggering a polkit dialog. I think Rex Dieter (who I CC'd to this email) was working on writing a polkit policy to fix this for Plasma Firewall, which would also benefit ManaFirewall.
If anyone is interested in contributing to helping make this a reality, they are very welcome! The ManaTools team is available on the #manatools IRC channel on Freenode.
If you are interested, a post about manafirewall on the firewalld blog would be great. Just submit a pull request [6] and I'll review/merge.
I certainly will do that! :)
Thanks for all the hard work!
Thank you for being so supportive!
Eric.
-- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Hi all!
Let me thanks you all first, for the attention to this project.
Il 17/03/21 13:58, Neal Gompa ha scritto:
The main reason was that firewall-config is GTK only, and a requirement for Mageia is that new tools need to work across all desktops and headless environments. Mageia *does* package firewall-config, but it's not appealing to integrate when the primary desktop is KDE Plasma (which is Qt5). I knew there were attempts in the past to write a Qt5 version of the UI, so I hoped this would be well-received as an alternative to firewall-config for those who prefer a UI that fits in better with different desktops.
I also have friends who still prefer remote connections to configure server without GUI, so a TUI interface (I know they don't need it very much perhaps, but hey is there for free! :D) would be of use and appreciated. An example:
https://github.com/manatools/manafirewall/blob/master/screenshots/manafirewa...
Of course it isn't all easy since libyui has constraints to consider, but writing the code once and working for three is great result i believe.
Another issue we're trying to get rid of is tui-polkit agent, atm all the libyui-ncurses applications that use dbus, so no only manafirewall, work only as root because of missing authentication dialog...
I usually try to answer as quick as possible to any requests, though my daily job doesn't allow me to be full time connected as once, be patience and ping me. Neal is always in #manatools freenode channel so he can call me later if i'm not in too :)
Thank you
Angelo
On Wed, Mar 17, 2021 at 08:58:32AM -0400, Neal Gompa wrote:
On Wed, Mar 17, 2021 at 8:46 AM Eric Garver egarver@redhat.com wrote:
On Wed, Mar 17, 2021 at 07:56:07AM -0400, Neal Gompa wrote:
Hey all,
With the release of Mageia Linux 8, I wanted to highlight something that may be interesting to the FirewallD community: the introduction of a new tool by Mageia's ManaTools team: ManaFirewall[1].
The ManaFirewall tool is a rewrite of the drakfirewall tool that has been part of the Mandriva/Mageia Control Center for decades. The old tool was written in Perl and used Shorewall, this new one is written in Python 3 and uses FirewallD. Additionally, since it uses the ManaTools application framework[2], it automatically has Qt5, GTK3, and ncurses based UIs through its usage of the libyui library[3] from the folks at SUSE along with Mageia's extensions[4].
In addition to being available for Mageia Linux 8, I have also brought it to Fedora. As it requires FirewallD 0.9.0 or higher, I have built it for Fedora 34 and Rawhide, and submitted it as an update for Fedora 34[5].
Thanks for also making it available in Fedora!
The ManaFirewall tool is relatively new and the functionality isn't to the same level as firewall-config yet, but the long-term goal is to reach feature parity and provide a comfortable experience managing FirewallD regardless of environment (desktop or server).
I'm very happy to see this. The current firewall-config GUI is not fantastic and I simply don't have time to work on it. I really like that it has multiple toolkit support, especially ncurses.
I have a couple questions:
- Why a new UI instead of contributing to firewall-config?
- Is it for a native to Mageia feel?
The main reason was that firewall-config is GTK only, and a requirement for Mageia is that new tools need to work across all desktops and headless environments. Mageia *does* package firewall-config, but it's not appealing to integrate when the primary desktop is KDE Plasma (which is Qt5). I knew there were attempts in the past to write a Qt5 version of the UI, so I hoped this would be well-received as an alternative to firewall-config for those who prefer a UI that fits in better with different desktops.
I'm just now recalling that we had talked weeks ago about Plasma Firewall. :)
In case it's of interest, are you aware Cockpit also has some firewalld integration as well? It's a different simpler use case, but worth noting.
- Do you plan to support policy objects [7] ?
- this would make it the first and only GUI to support them
I don't see why not. The UI currently mimics firewall-config as a starting point, but adding new features like this would be very appealing. Angelo (the main developer, who I CC'd to this email) would likely need some help to understand the feature. If you could hang out in the IRC channel and be willing to answer questions, it could probably get done relatively soon. :)
I'm always on freenode #firewalld. Alternatively there is a matrix channel, #firewalld:matrix.org. My response may be delayed, but I'll respond eventually. :)
- Any thing missing that you need to support the new GUI?
- if so, please file enhancement requests on github
Something that has come up that was a bit annoying is that all D-Bus APIs are privileged, rather than just the "write" APIs. Reading the firewall state should work without triggering a polkit dialog. I think Rex Dieter (who I CC'd to this email) was working on writing a polkit policy to fix this for Plasma Firewall, which would also benefit ManaFirewall.
There are two policy kit definitions: Server and Desktop. The Server one is highly restrictive. Desktop allows read-only to much more info. I'm okay with opening the Desktop one more to allow read-only for most things.
If anyone is interested in contributing to helping make this a reality, they are very welcome! The ManaTools team is available on the #manatools IRC channel on Freenode.
If you are interested, a post about manafirewall on the firewalld blog would be great. Just submit a pull request [6] and I'll review/merge.
I certainly will do that! :)
Thanks for all the hard work!
Thank you for being so supportive!
Eric.
-- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
-- 真実はいつも一つ!/ Always, there's only one truth!
firewalld-users@lists.fedorahosted.org