firewalld 2.1 Firewall Released

The release of firewalld 2.1, a dynamically managed firewall, has been announced. firewalld is implemented as a wrapper over the nftables and iptables packet filters. It runs as a background process that allows packet filter rules to be changed dynamically over D-Bus, without requiring a restart or interrupting established connections. It is already used in popular Linux distributions, including RHEL 7+, Fedora 18+, and SUSE/openSUSE 15+. firewalld is written in Python and is available under the GPLv2 license.

The firewall is managed with the firewall-cmd utility. Rules are created based on service names rather than IP addresses, network interfaces, and port numbers. For example, “firewall-cmd --add-service=ssh” opens access to SSH, and “firewall-cmd --remove-service=ssh” closes it. The firewall-config (GTK) and firewall-applet (Qt) graphical tools can also be used to change the firewall configuration. firewalld’s D-Bus API is supported by projects such as NetworkManager, libvirt, Podman, Docker, and fail2ban.
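Because rules name services rather than ports, an audit has to expand each enabled service name into what it actually exposes. The following added example (not code from the firewalld project) does that for constructed sample definitions; the `example-*` service names are hypothetical, and the XML layout (`port`, `protocol` and `include` elements) is assumed to mirror firewalld's service file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions; the example-* names are hypothetical.
SAMPLE_SERVICES = {
    "ssh": '<service><port protocol="tcp" port="22"/></service>',
    "example-submission": '<service><port protocol="tcp" port="587"/></service>',
    "example-vrrp": '<service><protocol value="vrrp"/></service>',
    "example-bundle": '<service><include service="example-submission"/>'
                      '<include service="ssh"/></service>',
}


def expand_service(name, definitions, _seen=None):
    """Return the set of 'port/proto' or bare protocol strings a service opens."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # guard against include cycles
        return set()
    seen.add(name)
    if name not in definitions:
        raise KeyError(f"unknown service: {name}")
    root = ET.fromstring(definitions[name])
    opened = set()
    for port in root.findall("port"):
        opened.add(f"{port.get('port')}/{port.get('protocol')}")
    for proto in root.findall("protocol"):
        opened.add(proto.get("value"))
    for inc in root.findall("include"):
        # Included services contribute their own ports and protocols.
        opened |= expand_service(inc.get("service"), definitions, seen)
    return opened


def audit(enabled, definitions):
    """Map each enabled service name to the sorted list of what it exposes."""
    return {name: sorted(expand_service(name, definitions)) for name in enabled}


if __name__ == "__main__":
    enabled = ["ssh", "example-bundle", "example-vrrp"]
    for svc, exposure in audit(enabled, SAMPLE_SERVICES).items():
        print(f"{svc}: {', '.join(exposure)}")
```
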

Key changes in firewalld 2.1 include:

  • A service has been added to allow the use of DNS over QUIC (DoQ).
  • Support has been added for ICMPv6 MLD (Multicast Listener Discovery) message types.
  • A reload policy setting has been added to the firewalld.conf configuration file.
  • A new service has been added to support client SMTP checks on TCP port 587 (Mail Submission).
  • A service has been added to support ALVR, which streams VR games from a PC to portable devices over Wi-Fi.
  • A service has been added to support VRRP (Virtual Router Redundancy Protocol).

For more information, visit the official firewalld 2.1 release announcement.

Sources: firewalld.org, GitHub