Firewalld

  • A firewall service daemon with D-Bus interface managing a dynamic firewall
  • License:
    GPLv2

Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It supports IPv4 and IPv6 firewall settings as well as Ethernet bridges, and it separates runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly. Firewalld is well maintained and is already supported by some applications and libraries.

These are some of the main reasons why it was decided to completely replace SuSEfirewall2 with firewalld and to make firewalld the default in Leap 15.0.

Features

  • Can handle IPv4, IPv6 and bridges "under one roof"
  • Dynamic changing of rules via D-Bus calls with PolicyKit authentication, without having to reload the whole firewall
  • Fully integrated with NetworkManager
  • Graphical configuration utility: firewall-config
  • Command-line configuration tool: firewall-cmd

Installation

If you install openSUSE with official ISOs and didn't uncheck "Firewall" during configuration, Firewalld should be installed by default.

However, if you get a PC or VPS with openSUSE pre-installed, Firewalld might not be installed. In this case, you should run:

sudo zypper install firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld 

Configure Firewalld for Desktop

Configure Firewalld for Web Server

Documentation

RPM Packaging

If you want to ship firewalld service files with your RPM package, you may want to consult the firewalld RPM packaging page.

Migration from SuSEfirewall2

Migrating from one firewall solution to another is not always a trivial process, and moving from SuSEfirewall2 to firewalld is no different. However, a simple script has been developed to make this migration as smooth as possible. Depending on your setup, the script may simply do the right thing and be done with it, or it may fail to do anything useful. The package is called susefirewall2-to-firewalld and you can use it as follows:

sudo zypper install susefirewall2-to-firewalld
sudo susefirewall2-to-firewalld

Please consult the README before running it for the first time. The script is maintained on GitHub so bugs and pull requests should be filed there.

Troubleshooting

Firewalld module doesn't start after Tumbleweed Upgrade

When upgrading across Tumbleweed snapshots that transition from SuSEfirewall2 to Firewalld, the new firewall system may not activate immediately. One sign of this is that, when you start Firewalld, the interface is unable to connect to Firewalld.

To activate Firewalld and disable SuSEfirewall2, open the YaST Services Manager and activate the service. Either open the YaST Control Center or run the command:

yast2-services-manager

Find Firewalld, then Start and Enable the service.

Find SuSEfirewall2, SuSEfirewall2_init and SuSEfirewall2_setup, Stop and Disable these services, then select OK to finish.

You may be presented with a dialog warning that writing the configuration failed. Select Continue Editing to complete the process.

Now the Firewalld module should operate normally.
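
A command-line check for the end state of the procedure above, added here as an example and not part of the original page or of either firewall project. It assumes systemd's `systemctl is-active` and `systemctl is-enabled`; the unit names are the ones listed above, and the function names `unit_state` and `check_firewall_handover` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): verify the service hand-over.
# Unit names come from the page; function names are hypothetical.

# Units that must be stopped and disabled once firewalld has taken over.
LEGACY_UNITS="SuSEfirewall2 SuSEfirewall2_init SuSEfirewall2_setup"

# unit_state UNIT: print "<active-state>/<enabled-state>" for one unit.
# systemctl exits non-zero for inactive or disabled units, so ignore the
# exit status and use the printed state word.
unit_state() {
    a=$(systemctl is-active "$1" 2>/dev/null) || true
    e=$(systemctl is-enabled "$1" 2>/dev/null) || true
    printf '%s/%s\n' "${a:-unknown}" "${e:-unknown}"
}

# check_firewall_handover: print one line per problem found and return the
# number of problems (0 means the hand-over is complete).
check_firewall_handover() {
    problems=0
    s=$(unit_state firewalld)
    if [ "$s" != "active/enabled" ]; then
        echo "firewalld is $s, expected active/enabled"
        problems=$((problems + 1))
    fi
    for u in $LEGACY_UNITS; do
        s=$(unit_state "$u")
        case "$s" in
            active/*|activating/*|*/enabled*)
                echo "$u is $s, expected stopped and disabled"
                problems=$((problems + 1))
                ;;
        esac
    done
    return "$problems"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_firewall_handover
fi
```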

See also

External links