Cryptically zoned out Firewall

Thomas Woerner twoerner at redhat.com
Tue Nov 6 15:55:29 UTC 2012


On 11/06/2012 04:26 PM, Thomas Woerner wrote:
> On 11/06/2012 01:07 AM, Chuck Forsberg WA7KGX N2469R wrote:
>> The new firewall replaces the old "trusted interface" with
>> multiple "zones".  This would be fine if one could easily
>> tell which zone each network interface was in and
>> make changes.
>>
> firewalld is not selecting the zone for an interface related to a
> connection. NetworkManager does this. The zone is set in the ifcfg
> config file, if it is not the default zone.
>
>> The only way to change an interface's zone is with an arcane
>> firewall-cmd incantation.
>>
> There is a patch for the gtk nm-connection-editor to add a very simple
> selection menu for connections. The NM connection editor in KDE is
> providing support for this already.
>
This has been integrated into network-manager-applet upstream and should 
hit Fedora soon. Within nm-connection-editor the zone for interfaces 
related to a connection can be changed.

>> Given the new concepts of persistence and zones, the
>> admin>firewall applet needs to present these concepts
>> to the user in a clearly intuitive, easy to change way.
>>
> Ok, the firewall-applet should provide information on how to change
> zones for connections, I agree.
>
>> The current view should be radio buttons.
>> Each interface should have a selector for which zone
>> it should be in.  Finally, do we need so many zones?
>> A default of two zones should suffice and be more
>> understandable.  At least don't show zones that aren't used.
>>
> There are the base zones: block, drop, public, work and trusted. The
> other zones have been added on request. You can also add your own zones
> according to your needs.
>
> Thomas
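
As an added example (not part of the original message, and not firewalld or NetworkManager code), this shell function lists the zone each ifcfg file assigns to its interface, falling back to a caller-supplied default zone when the file has no ZONE= line. It assumes files named ifcfg-<name> that use DEVICE= and ZONE= keys; the sample files and the choice of "public" as the default are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report which firewalld zone each ifcfg file assigns.
# Assumptions: files are named ifcfg-<name> and use DEVICE= / ZONE= keys;
# the default zone name is passed in by the caller.

# ifcfg_value FILE KEY -> value of the last KEY= line, with trailing
# whitespace and one pair of surrounding quotes removed.
ifcfg_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

# ifcfg_zones DIR DEFAULT_ZONE -> one "interface zone (origin)" line per file.
ifcfg_zones() {
    dir=$1
    default=$2
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=$(ifcfg_value "$f" DEVICE)
        # No DEVICE= line: fall back to the name in the file name.
        [ -n "$dev" ] || dev=${f##*/ifcfg-}
        zone=$(ifcfg_value "$f" ZONE)
        if [ -n "$zone" ]; then
            printf '%s %s (set in %s)\n' "$dev" "$zone" "${f##*/}"
        else
            # Missing or empty ZONE= means the interface uses the default zone.
            printf '%s %s (default)\n' "$dev" "$default"
        fi
    done
}

# Constructed sample data, not a real host configuration.
demo=$(mktemp -d)
printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nZONE="work"\n' > "$demo/ifcfg-eth0"
printf 'DEVICE=wlan0\nBOOTPROTO=dhcp\n' > "$demo/ifcfg-wlan0"
ifcfg_zones "$demo" public
```

Pointing the function at a host's real ifcfg directory with its actual default zone gives a quick audit of which interfaces were deliberately placed in a zone and which only inherit the default.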


