Firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings and for ethernet bridges and has a separation of runtime and permanent configuration options. It also supports an interface for services or applications to add firewall rules directly. Firewalld is well maintained, and it is already supported in some applications or libraries.
These are some of the main reasons why it has been decided to replace completely SuSEFirewall2 with firewalld and to make firewalld the default in Leap 15.0
- Can handle IPv4, IPv6 and bridges "under one roof"
- Dynamic changing of rules via DBUS calls with policykit authentication without having to reload the whole firewall
- Fully integrated with NetworkManager
- Graphical cnfiguration utility: firewall-config
- commandline configuration tool: firewall-cmd
- Main documentation: http://www.firewalld.org/documentation/
- Graphical configuration module: http://www.firewalld.org/documentation/utilities/firewall-config.html
- Wiki documentation page: https://fedoraproject.org/wiki/FirewallD
If you want to ship firewalld service files with your RPM package, you may want to consult the firewalld RPM packaging page.
Migration from SuSEfirewall2
Migrating from one firewall solution to another is not always a trivial process and moving from SuSEfirewall2 to firewalld is no different. However, a simple script has been developed in order to make this migration as smooth as possible. Depending on your setup, the script may simply do the right thing and be done with it or fail to do anything useful. The package is called susefirewall2-to-firewalld and you can use it as follows:
sudo zypper install susefirewall2-to-firewalld sudo susefirewall2-to-firewalld
Firewalld module doesn't start after Tumbleweed Upgrade
Specific to upgrading Tumbleweed snapshots that transition from SuSEfirewall2 to Firewalld, the new firewall system may not activate immediately. One way to tell is starting Firewalld and the interface not being able to connect to Firewalld
To activate Firewalld and disable SuSEfirewall2, open Yast Services Manager and activate the service. Either open up the Yast Control Center or run the command
Find Firewalld Start and Enable the service.
Find SuSEfirewall2, SuSEfirewall2_init and SuSEfirewall2_setup, Stop and Disable the services, select OK to finish.
You may be presented with a dialog with a warning that writing the configuration failed. Select Continue Editing to complete the process
Now the Firewalld module should operate normally.