source: archive/firewalld.xml@ d3717bf

Last change on this file since d3717bf was d3717bf, checked in by Pierre Labastie <pieere@…>, 7 months ago

Move two files to archive, because they have not been in use for a while

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24233 af4574ff-66df-0310-9fd7-8a98e5e911e0

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY firewalld-download-http "https://github.com/firewalld/firewalld/releases/download/v&firewalld-version;/firewalld-&firewalld-version;.tar.gz">
  <!ENTITY firewalld-download-ftp " ">
  <!ENTITY firewalld-md5sum "644a8970b43fcf875178ae3bec640db4">
  <!ENTITY firewalld-size "1.6 MB">
  <!ENTITY firewalld-buildsize "19 MB (additional 2 MB for tests)">
  <!ENTITY firewalld-time "less than 0.1 SBU (add 6.2 SBU for tests)">
]>

<sect1 id="firewalld" xreflabel="firewalld-&firewalld-version;">
  <?dbhtml filename="firewalld.html"?>

  <sect1info>
    <othername>$LastChangedBy$</othername>
    <date>$Date$</date>
  </sect1info>

  <title>firewalld-&firewalld-version;</title>

  <indexterm zone="firewalld">
    <primary sortas="a-firewalld">firewalld</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to firewalld</title>

    <para>
      The <application>firewalld</application> package provides a dynamically
      managed firewall with support for network or firewall zones to define the
      trust level of network connections or interfaces. It supports IPv4 and
      IPv6 firewall settings and Ethernet bridges, and it separates runtime
      and permanent configuration options. It also provides an
      interface for services or applications to add nftables or iptables and
      ebtables rules directly.
    </para>

    &lfs90_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&firewalld-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&firewalld-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &firewalld-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &firewalld-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &firewalld-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &firewalld-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">firewalld Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="nftables"/>,
      and <xref linkend="python-slip"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="DocBook"/>,
      <xref linkend="iptables"/>, and
      <xref linkend="libxslt"/> (for building the manual pages)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gtk3" role="runtime"/> (runtime only, required for
      <application>firewall-config</application>),
      <xref linkend="qt5" role="runtime"/> (runtime only, required for
      <application>firewall-applet</application>), and
      <ulink url="https://netfilter.org/projects/ipset/index.html">ipset</ulink>
      for ipset support (only when used with iptables)
    </para>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/firewalld"/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of firewalld</title>

    <para>
      Install <application>firewalld</application> by
      running the following commands:
    </para>

<screen revision="systemd"><userinput>PYTHON=/usr/bin/python3 \
./configure --sysconfdir=/etc \
            --without-ipset &amp;&amp;
make</userinput></screen>

<screen revision="sysv"><userinput>PYTHON=/usr/bin/python3 \
./configure --sysconfdir=/etc \
            --without-ipset \
            --disable-systemd &amp;&amp;
make</userinput></screen>

    <para>
      The testsuite for <application>firewalld</application> is very dependent
      on the running kernel and system configuration. It requires
      <application>ipset</application> as well as both backends, and all
      supported kernel options available.
    </para>

    <para>
      If the above conditions are met, run the testsuite as the
      <systemitem class="username">root</systemitem> user with the command
      <command>make -C src check</command>. Any test failures are likely the
      result of an incomplete configuration. Failed tests will give a detailed
      failure status at
      <filename>src/test/testsuite.dir/&lt;###&gt;/testsuite.log</filename>.
    </para>

    <para revision="sysv">
      Prevent installation of the distributed firewalld init script with the
      following command:
    </para>

<screen revision="sysv"><userinput>sed '/^am__append_3/,+1d' -i config/Makefile</userinput></screen>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--without-ipset</parameter>: This switch disables use of the
      <command>ipset</command> utility. Omit if it is installed.
    </para>

    <para revision="sysv">
      <parameter>--disable-systemd</parameter>: This switch prevents
      installation of <application>systemd</application> services.
    </para>

    <para>
      <option>--without-{ip{,6},eb}tables{,-restore}</option>: These switches
      disable <application>iptables</application> support and are required if
      you wish to build without iptables support.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring firewalld</title>

    <sect3 id="firewalld-conf">
      <title>Config Files</title>

      <para>
        <filename>/etc/firewall/applet.conf</filename>,
        <filename>/etc/firewalld/firewalld.conf</filename>,
        and <filename>/etc/sysconfig/firewalld</filename>
      </para>

      <indexterm zone="firewalld firewalld-conf">
        <primary sortas="e-etc-firewalld.conf">/etc/firewalld/firewalld.conf</primary>
      </indexterm>

      <para>
        Configuration of <application>firewalld</application> is generally done
        without modification of the above configuration files using the
        <command>firewall-cmd</command> command. Within the above configuration
        files you can set daemon behavior only, for example whether runtime
        rules are retained on restart, which firewall backend to use (default
        is nftables), or whether to turn on debugging.
      </para>

      <para>
        Detailed documentation is provided by the
        <application>firewalld</application> developers at
        <ulink url="https://firewalld.org/documentation/"/>.
      </para>

    </sect3>

    <sect3 id="firewalld-init">
      <title><phrase revision="sysv">Init Script</phrase>
             <phrase revision="systemd">Systemd Unit</phrase></title>

      <para revision="sysv">
        If you need to run the <command>firewalld</command> daemon at system
        startup, install the <filename>/etc/rc.d/init.d/firewalld</filename>
        init script included in the
        <xref linkend="bootscripts"/> package using the following command:
      </para>

      <para revision="systemd">
        If you need to run the <command>firewalld</command> daemon at system
        startup, enable the previously installed
        <filename>firewalld.service</filename> unit with the following command:
      </para>

      <indexterm zone="firewalld firewalld-init">
        <primary sortas="f-firewalld">firewalld</primary>
      </indexterm>

<screen role="root" revision="sysv"><userinput>make install-firewalld</userinput></screen>

<screen role="root" revision="systemd"><userinput>systemctl enable firewalld</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          firewall-applet, firewall-cmd, firewall-config, firewall-offline-cmd,
          and firewalld
        </seg>
        <seg>
          None
        </seg>
        <seg>
          /etc/firewalld,
          /etc/firewall,
          /usr/lib/firewalld, and
          /usr/lib/python-&python3-version;/site-packages/firewall
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="firewall-applet">
        <term><command>firewall-applet</command></term>
        <listitem>
          <para>
            is a tray applet using QSettings backend.
          </para>
          <indexterm zone="firewalld firewall-applet">
            <primary sortas="b-firewall-applet">firewall-applet</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-cmd">
        <term><command>firewall-cmd</command></term>
        <listitem>
          <para>
            is the primary command line frontend.
          </para>
          <indexterm zone="firewalld firewall-cmd">
            <primary sortas="b-firewall-cmd">firewall-cmd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-config">
        <term><command>firewall-config</command></term>
        <listitem>
          <para>
            is a GUI configuration tool using GTK+-3.
          </para>
          <indexterm zone="firewalld firewall-config">
            <primary sortas="b-firewall-config">firewall-config</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-offline-cmd">
        <term><command>firewall-offline-cmd</command></term>
        <listitem>
          <para>
            is a command line client used for permanent configuration while
            firewalld is not running.
          </para>
          <indexterm zone="firewalld firewall-offline-cmd">
            <primary sortas="b-firewall-offline-cmd">firewall-offline-cmd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewalld-daemon">
        <term><command>firewalld</command></term>
        <listitem>
          <para>
            is the Dynamic Firewall Manager daemon.
          </para>
          <indexterm zone="firewalld firewalld-daemon">
            <primary sortas="b-firewalld">firewalld</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
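
Added example, not part of the BLFS book or of firewalld: a read-only check of the daemon-level settings that the Config Files section says live in `/etc/firewalld/firewalld.conf` and `/etc/sysconfig/firewalld` (backend, rule retention, debugging), run here against constructed sample files. `FirewallBackend`, `CleanupOnExit` and `FIREWALLD_ARGS` are firewalld's own names; the function names, the sample paths and the choice to read the first uncommented assignment are assumptions of this example.

```shell
#!/bin/sh
# Print the value of KEY from FILE (first uncommented assignment), or DEFAULT.
fwd_conf_get() {
    file=$1 key=$2 default=$3
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
          | sed 's/[[:space:]]*$//' | head -n 1)
    printf '%s\n' "${val:-$default}"
}

# Print one line per daemon setting that differs from the shipped default.
fwd_audit() {
    conf=$1 sysconf=$2
    backend=$(fwd_conf_get "$conf" FirewallBackend nftables)
    cleanup=$(fwd_conf_get "$conf" CleanupOnExit yes)
    [ "$backend" = nftables ] || echo "backend: $backend (default is nftables)"
    case $cleanup in
        no|false) echo "cleanup: rules stay loaded after firewalld stops" ;;
    esac
    # Debugging is a daemon argument, set through the sysconfig file.
    if grep -Eq '^[[:space:]]*FIREWALLD_ARGS=.*--debug' "$sysconf" 2>/dev/null
    then
        echo "debug: daemon started with --debug"
    fi
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/firewalld.conf" <<'EOF'
# firewalld config file
DefaultZone=public
CleanupOnExit=no
#FirewallBackend=nftables
FirewallBackend=iptables
EOF
cat > "$demo_dir/sysconfig" <<'EOF'
# args passed to the daemon
FIREWALLD_ARGS=--debug
EOF

fwd_audit "$demo_dir/firewalld.conf" "$demo_dir/sysconfig"
```

On an installed system, pass the two real paths named in the Config Files section instead of the sample files.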