Cryptically zoned out Firewall
Thomas Woerner
twoerner at redhat.com
Tue Nov 6 15:26:23 UTC 2012
On 11/06/2012 01:07 AM, Chuck Forsberg WA7KGX N2469R wrote:
> The new firewall replaces the old "trusted interface" with
> multiple "zones". This would be fine if one could easily
> tell which zone each network interface was in and
> make changes.
>
firewalld is not selecting the zone for an interface related to a
connection. NetworkManager does this. The zone is set in the ifcfg
config file, if it is not the default zone.
> The only way to change an interface's zone is with an arcane
> firewall-cmd incantation.
>
There is a patch for the gtk nm-connection-editor to add a very simple
selection menu for connections. The NM connection editor in KDE is
providing support for this already.
> Given the new concepts of persistence and zones, the
> admin>firewall applet needs to present these concepts
> to the user in a clearly intuitive, easy to change way.
>
Ok, the firewall-applet should provide information on how to change
zones for connections, I agree.
> The current view should be radio buttons.
> Each interface should have a selector for which zone
> it should be in. Finally, do we need so many zones?
> A default of two zones should suffice and be more
> understandable. At least don't show zones that aren't used.
>
There are the base zones: block, drop, public, work and trusted. The
other zones have been added on request. You can also add your own zones
according to your needs.
Thomas
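
The reply above says the zone is stored in the connection's ifcfg file unless it is the default zone. The script below is an added example, not part of the original message or of firewalld: it reports the zone recorded for each ifcfg file, assuming the `ZONE=` and `DEVICE=` keys in ifcfg files and `DefaultZone=` in a firewalld.conf-style file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which zone each ifcfg-* file assigns to its interface.

# Print the value of the last uncommented KEY= line in FILE, without quotes.
cfg_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"' \t\r"
}

# default_zone CONF: zone used when an ifcfg file has no ZONE= line.
# Falling back to "public" when DefaultZone= is missing is an assumption.
default_zone() {
    z=$(cfg_value DefaultZone "$1")
    printf '%s\n' "${z:-public}"
}

# ifcfg_zones DIR DEFAULT: one "interface zone" line per ifcfg-* file.
ifcfg_zones() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(cfg_value DEVICE "$f")
        # No DEVICE= line: use the file name suffix as the label.
        [ -n "$dev" ] || dev=${f##*/ifcfg-}
        zone=$(cfg_value ZONE "$f")
        if [ -n "$zone" ]; then
            printf '%s %s\n' "$dev" "$zone"
        else
            printf '%s %s (default)\n' "$dev" "$2"
        fi
    done
}

# Constructed sample data so the script runs without touching /etc.
demo() {
    d=$(mktemp -d)
    printf 'DEVICE=eth0\nONBOOT=yes\nZONE=work\n' > "$d/ifcfg-eth0"
    printf 'DEVICE="wlan0"\n# ZONE=trusted\n' > "$d/ifcfg-wlan0"
    printf 'DefaultZone=public\n' > "$d/firewalld.conf"
    ifcfg_zones "$d" "$(default_zone "$d/firewalld.conf")"
    rm -rf "$d"
}
demo
```

On a real system the directory and configuration file would be wherever the distribution keeps its ifcfg files and firewalld.conf; pass those paths instead of the constructed ones.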