firewalld 0.6.0 release
A new release of firewalld, version 0.6.0, is available.
This is a large feature release. Some new features warrant a separate blog post. As such, the release is only summarized here.
User facing features:
- nftables backend
This is the new default for all firewalld’s abstractions. The direct interface still supports iptables, ip6tables, and ebtables. It is configurable via /etc/firewalld/firewalld.conf - valid values are;
- new services
apcupsd, cockpit, distcc, etcd, finger, iSNS, llmnr, matrix, mqtt, nut, plex, rtsp, salt-master, samba-dc, slp, steam, subversion, svdrp, wbem-http, wsman
- updated translations
A lot of development time was spent on improving continuous integration and sanity checks to give confidence in new code changes and contributions from others. This is reflected below in the list of developer focused improvements.
Developer focused improvements:
- lots of code refactoring to abstract firewall backend
- flake8 source code checking
- better debug output on exceptions (tracebacks)
- testsuite runs inside network namespaces
- improved testsuite coverage
New dependencies for nftables backend:
- nftables >= 0.9.0
- linux >= 4.18
While most of the nftables backend will function with earlier versions of nftables and Linux, this is not recommended. Many bugs were found and fixed in these packages while firewalld’s nftables backend was being developed. Some examples are: iptables and nftables NAT coexistence, nftables AUDIT support, and nftables set ranges with timeouts.
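A preflight check for the two minimums listed above, as an added example that is not part of firewalld or of the original announcement. The function names are hypothetical and the version strings in the comments are constructed samples; it compares versions field by field because a plain string comparison would rank kernel 4.9 above 4.18.

```shell
#!/bin/sh
# Added example: check the nftables backend minimums from the release notes.
# Function names are hypothetical; they are not part of firewalld.
MIN_NFT="0.9.0"
MIN_KERNEL="4.18"

# Keep only the leading dotted-numeric part of a version string, e.g.
# "nftables v0.9.0 (Fearless Fosdick)" -> "0.9.0",
# "4.18.0-80.el8.x86_64"               -> "4.18.0" (constructed samples).
numeric_version() {
    printf '%s\n' "$1" | sed -e 's/^[^0-9]*//' -e 's/[^0-9.].*$//'
}

# version_ge A B: succeed when A >= B, comparing each dotted field as an
# integer. Missing fields count as 0, so "4.18" equals "4.18.0".
version_ge() {
    a=$(numeric_version "$1"); b=$(numeric_version "$2")
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_backend_deps NFT_VERSION KERNEL_RELEASE: print one line per
# requirement and return non-zero if either is below its minimum.
# An empty NFT_VERSION (nft not installed) is reported as too old.
check_backend_deps() {
    rc=0
    if version_ge "$1" "$MIN_NFT"; then echo "nftables '$1': ok"
    else echo "nftables '$1': older than $MIN_NFT"; rc=1; fi
    if version_ge "$2" "$MIN_KERNEL"; then echo "linux '$2': ok"
    else echo "linux '$2': older than $MIN_KERNEL"; rc=1; fi
    return $rc
}

# Query the running system only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    check_backend_deps "$(nft --version 2>/dev/null)" "$(uname -r)"
fi
```

Run it with `--live` on the host before switching backends; a non-zero exit status means at least one package is older than the release notes recommend.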
Source available here:
The source repository for firewalld is stored in git. Clone the repository with:
$ git clone https://github.com/firewalld/firewalld.git