Proposed F19 Feature: firewalld Rich Language

Jaroslav Reznik jreznik at
Wed Jan 30 12:56:18 UTC 2013

= Features/FirewalldRichLanguage =

Feature owner(s): Thomas Woerner <twoerner at>

This feature adds a rich (high-level) language to firewalld that makes it easy
to create complex firewall rules without knowledge of iptables syntax.

= Detailed Description =
Currently, complex firewall rules can only be added using the direct interface
of firewalld. But this requires knowing the syntax of iptables, and the rules
are not permanent.

With the rich language, more complex firewall rules can be created in an
easy-to-understand way. The language will use keywords with (sometimes multiple)
values and will be an abstract representation of ip*tables and ebtables rules.
Services and zones can be configured using this language; the current
configuration will still be supported.

A mixture of the old and new configuration of services and zones might be 
possible, but this needs to be verified. With the possibility to use the rich 
language in services and zones, the configuration will also be permanent.

The configuration with files will be available for Fedora 19. The D-BUS
interface with the command line client should be finished, but this depends on
the Fedora 19 schedule. UI work will most likely be available later (this also
depends on the Fedora 19 schedule).
