source: archive/firewalld.xml@ fa91d2e

Last change on this file since fa91d2e was 45ab6c7, checked in by Xi Ruoyao <xry111@…>, 5 months ago

more SVN prop clean up

Remove "$LastChanged$" everywhere, and also some unused $Date$

  • Property mode set to 100644
File size: 10.8 KB
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../../general.ent">
  %general-entities;

  <!ENTITY firewalld-download-http "https://github.com/firewalld/firewalld/releases/download/v&firewalld-version;/firewalld-&firewalld-version;.tar.gz">
  <!ENTITY firewalld-download-ftp  " ">
  <!ENTITY firewalld-md5sum        "644a8970b43fcf875178ae3bec640db4">
  <!ENTITY firewalld-size          "1.6 MB">
  <!ENTITY firewalld-buildsize     "19 MB (additional 2 MB for tests)">
  <!ENTITY firewalld-time          "less than 0.1 SBU (add 6.2 SBU for tests)">
]>

<sect1 id="firewalld" xreflabel="firewalld-&firewalld-version;">
  <?dbhtml filename="firewalld.html"?>

  <sect1info>
    <date>$Date$</date>
  </sect1info>

  <title>firewalld-&firewalld-version;</title>

  <indexterm zone="firewalld">
    <primary sortas="a-firewalld">firewalld</primary>
  </indexterm>

  <sect2 role="package">
    <title>Introduction to firewalld</title>

    <para>
      The <application>firewalld</application> package provides a dynamically
      managed firewall with support for network or firewall zones to define the
      trust level of network connections or interfaces. It supports IPv4 and
      IPv6 firewall settings, Ethernet bridges, and a separation of runtime
      and permanent configuration options. It also provides an interface for
      services or applications to add nftables or iptables and ebtables rules
      directly.
    </para>

    &lfs90_checked;

    <bridgehead renderas="sect3">Package Information</bridgehead>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Download (HTTP): <ulink url="&firewalld-download-http;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download (FTP): <ulink url="&firewalld-download-ftp;"/>
        </para>
      </listitem>
      <listitem>
        <para>
          Download MD5 sum: &firewalld-md5sum;
        </para>
      </listitem>
      <listitem>
        <para>
          Download size: &firewalld-size;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated disk space required: &firewalld-buildsize;
        </para>
      </listitem>
      <listitem>
        <para>
          Estimated build time: &firewalld-time;
        </para>
      </listitem>
    </itemizedlist>

    <bridgehead renderas="sect3">firewalld Dependencies</bridgehead>

    <bridgehead renderas="sect4">Required</bridgehead>
    <para role="required">
      <xref linkend="nftables"/>,
      and <xref linkend="python-slip"/>
    </para>

    <bridgehead renderas="sect4">Recommended</bridgehead>
    <para role="recommended">
      <xref linkend="DocBook"/>,
      <xref linkend="iptables"/>, and
      <xref linkend="libxslt"/> (for building the manual pages)
    </para>

    <bridgehead renderas="sect4">Optional</bridgehead>
    <para role="optional">
      <xref linkend="gtk3" role="runtime"/> (runtime only, required for
      <application>firewall-config</application>),
      <xref linkend="qt5" role="runtime"/> (runtime only, required for
      <application>firewall-applet</application>), and
      <ulink url="https://netfilter.org/projects/ipset/index.html">ipset</ulink>
      for ipset support (only when used with iptables)
    </para>

    <para condition="html" role="usernotes">User Notes:
      <ulink url="&blfs-wiki;/firewalld"/>
    </para>
  </sect2>

  <sect2 role="installation">
    <title>Installation of firewalld</title>

    <para>
      Install <application>firewalld</application> by
      running the following commands:
    </para>

<screen revision="systemd"><userinput>PYTHON=/usr/bin/python3 \
  ./configure --sysconfdir=/etc \
              --without-ipset &amp;&amp;
make</userinput></screen>

<screen revision="sysv"><userinput>PYTHON=/usr/bin/python3 \
  ./configure --sysconfdir=/etc \
              --without-ipset \
              --disable-systemd &amp;&amp;
make</userinput></screen>

    <para>
      The testsuite for <application>firewalld</application> is very dependent
      on the running kernel and system configuration. It requires
      <application>ipset</application> as well as both backends, and all
      supported kernel options to be available.
    </para>

    <para>
      If the above conditions are met, run the testsuite as the
      <systemitem class="username">root</systemitem> user with the command
      <command>make -C src check</command>. Any test failures are likely the
      result of an incomplete configuration. Failed tests will give a detailed
      failure status at
      <filename>src/test/testsuite.dir/&lt;###&gt;/testsuite.log</filename>.
    </para>

    <para revision="sysv">
      Prevent installation of the distributed firewalld init script with the
      following command:
    </para>

<screen revision="sysv"><userinput>sed '/^am__append_3/,+1d' -i config/Makefile</userinput></screen>

    <para>
      Now, as the <systemitem class="username">root</systemitem> user:
    </para>

<screen role="root"><userinput>make install</userinput></screen>

  </sect2>

  <sect2 role="commands">
    <title>Command Explanations</title>

    <para>
      <parameter>--without-ipset</parameter>: This switch disables use of the
      <command>ipset</command> utility. Omit it if
      <application>ipset</application> is installed.
    </para>

    <para revision="sysv">
      <parameter>--disable-systemd</parameter>: This switch prevents
      installation of <application>systemd</application> services.
    </para>

    <para>
      <option>--without-{ip{,6},eb}tables{,-restore}</option>: These switches
      disable <application>iptables</application> support and are required if
      you wish to build without iptables support.
    </para>

  </sect2>

  <sect2 role="configuration">
    <title>Configuring firewalld</title>

    <sect3 id="firewalld-conf">
      <title>Config Files</title>

      <para>
        <filename>/etc/firewall/applet.conf</filename>,
        <filename>/etc/firewalld/firewalld.conf</filename>,
        and <filename>/etc/sysconfig/firewalld</filename>
      </para>

      <indexterm zone="firewalld firewalld-conf">
        <primary sortas="e-etc-firewalld.conf">/etc/firewalld/firewalld.conf</primary>
      </indexterm>

      <para>
        Configuration of <application>firewalld</application> is generally done
        with the <command>firewall-cmd</command> command, without modifying the
        above configuration files. Those files set daemon behavior only, for
        example whether runtime rules are retained on restart, which firewall
        backend to use (default is nftables), or whether to turn on debugging.
      </para>

      <para>
        Detailed documentation is provided by the
        <application>firewalld</application> developers at
        <ulink url="https://firewalld.org/documentation/"/>.
      </para>

    </sect3>

    <sect3 id="firewalld-init">
      <title><phrase revision="sysv">Init Script</phrase>
             <phrase revision="systemd">Systemd Unit</phrase></title>

      <para revision="sysv">
        If you need to run the <command>firewalld</command> daemon at system
        startup, install the <filename>/etc/rc.d/init.d/firewalld</filename>
        init script included in the
        <xref linkend="bootscripts"/> package using the following command:
      </para>

      <para revision="systemd">
        If you need to run the <command>firewalld</command> daemon at system
        startup, enable the previously installed
        <filename>firewalld.service</filename> unit with the following command:
      </para>

      <indexterm zone="firewalld firewalld-init">
        <primary sortas="f-firewalld">firewalld</primary>
      </indexterm>

<screen role="root" revision="sysv"><userinput>make install-firewalld</userinput></screen>

<screen role="root" revision="systemd"><userinput>systemctl enable firewalld</userinput></screen>

    </sect3>

  </sect2>

  <sect2 role="content">
    <title>Contents</title>

    <segmentedlist>
      <segtitle>Installed Programs</segtitle>
      <segtitle>Installed Libraries</segtitle>
      <segtitle>Installed Directories</segtitle>

      <seglistitem>
        <seg>
          firewall-applet, firewall-cmd, firewall-config, firewall-offline-cmd,
          and firewalld
        </seg>
        <seg>
          None
        </seg>
        <seg>
          /etc/firewalld,
          /etc/firewall,
          /usr/lib/firewalld, and
          /usr/lib/python-&python3-version;/site-packages/firewall
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="firewall-applet">
        <term><command>firewall-applet</command></term>
        <listitem>
          <para>
            is a tray applet using QSettings backend.
          </para>
          <indexterm zone="firewalld firewall-applet">
            <primary sortas="b-firewall-applet">firewall-applet</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-cmd">
        <term><command>firewall-cmd</command></term>
        <listitem>
          <para>
            is the primary command line frontend.
          </para>
          <indexterm zone="firewalld firewall-cmd">
            <primary sortas="b-firewall-cmd">firewall-cmd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-config">
        <term><command>firewall-config</command></term>
        <listitem>
          <para>
            is a GUI configuration tool using GTK+-3.
          </para>
          <indexterm zone="firewalld firewall-config">
            <primary sortas="b-firewall-config">firewall-config</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewall-offline-cmd">
        <term><command>firewall-offline-cmd</command></term>
        <listitem>
          <para>
            is a command line client used for permanent configuration while
            firewalld is not running.
          </para>
          <indexterm zone="firewalld firewall-offline-cmd">
            <primary sortas="b-firewall-offline-cmd">firewall-offline-cmd</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="firewalld-daemon">
        <term><command>firewalld</command></term>
        <listitem>
          <para>
            is the Dynamic Firewall Manager daemon.
          </para>
          <indexterm zone="firewalld firewalld-daemon">
            <primary sortas="b-firewalld">firewalld</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
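
The "Config Files" section says the files under /etc only set daemon behavior (backend, whether runtime rules survive, debugging). The script below is an added example, not part of the BLFS page or of firewalld, that reads those settings back for review. The key names FirewallBackend, FlushAllOnReload and FIREWALLD_ARGS, the --debug option and the FlushAllOnReload default of yes are assumptions taken from upstream firewalld, not from this page; the sample files are constructed.

```shell
#!/bin/sh
# Added example: report the daemon-level firewalld settings for review.
# Key names and the FlushAllOnReload default are assumptions from upstream
# firewalld; the nftables default is the one stated on the page.

# get_conf_value FILE KEY DEFAULT: print the last uncommented KEY=value,
# or DEFAULT when the key (or the file) is absent.
get_conf_value() {
    gcv_value=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//')
    printf '%s\n' "${gcv_value:-$3}"
}

# audit_firewalld CONF SYSCONFIG: one-line summary of backend, reload and
# debug state, suitable for diffing between hosts.
audit_firewalld() {
    af_backend=$(get_conf_value "$1" FirewallBackend nftables)
    af_flush=$(get_conf_value "$1" FlushAllOnReload yes)
    af_args=$(get_conf_value "$2" FIREWALLD_ARGS '')
    case $af_args in
        *--debug*) af_debug=on ;;
        *)         af_debug=off ;;
    esac
    printf 'backend=%s flush_on_reload=%s debug=%s\n' \
        "$af_backend" "$af_flush" "$af_debug"
}

# write_sample DIR: constructed stand-ins for /etc/firewalld/firewalld.conf
# and /etc/sysconfig/firewalld, so the example runs without firewalld.
write_sample() {
    cat > "$1/firewalld.conf" <<'EOF'
# constructed sample
DefaultZone=public
#FirewallBackend=nftables
FirewallBackend=iptables
FlushAllOnReload=no
EOF
    cat > "$1/sysconfig" <<'EOF'
# constructed sample
FIREWALLD_ARGS=--debug=2
EOF
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_firewalld "$sample_dir/firewalld.conf" "$sample_dir/sysconfig"
rm -rf "$sample_dir"
```

On an installed system, call audit_firewalld with /etc/firewalld/firewalld.conf and /etc/sysconfig/firewalld; a host that reports a non-default backend or debug=on differs from the defaults this page describes.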