firewalld 2.2, a dynamically managed firewall implemented as a layer on top of the nftables and iptables packet filters, has been released. firewalld runs as a background daemon and lets packet-filter rules be changed at run time over D-Bus, without reloading the whole rule set or interrupting established connections. The project is used in a number of Linux distributions, including RHEL 7+, Fedora 18+ and SUSE/openSUSE 15+. The firewalld code is written in Python and distributed under the GPLv2 license.
The firewall-cmd utility is used to manage the firewall; rules are expressed in terms of service names rather than IP addresses, network interfaces or port numbers. The configuration can also be edited with the firewall-config (GTK) and firewall-applet (Qt) graphical tools. Projects such as NetworkManager, libvirt, Podman, Docker and Fail2ban use the D-Bus API to control the firewall.
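Because rules are written against service names, what a service actually opens is decided by its XML definition (firewalld ships these as `<name>.xml` files in its services directory). The added example below, which is not code from the firewalld project, parses constructed sample definitions in that format, expands port ranges, and answers the defender's question "which of these services would open a given port/protocol"; the service contents and the `services_opening` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions in the firewalld service XML format
# (<service> with <short>, <port protocol= port=/> and <protocol value=/>).
# Values are illustrative, not copied from the project's own files.
SAMPLE_SERVICES = {
    "iperf3": """<service>
  <short>iperf3</short>
  <description>Constructed sample: iperf3 throughput tests.</description>
  <port protocol="tcp" port="5201"/>
  <port protocol="udp" port="5201"/>
</service>""",
    "stun": """<service>
  <short>STUN</short>
  <port protocol="udp" port="3478"/>
  <port protocol="tcp" port="3478"/>
</service>""",
    "range-demo": """<service>
  <short>range-demo</short>
  <port protocol="udp" port="5000-5002"/>
  <protocol value="sctp"/>
</service>""",
}

def parse_service(xml_text):
    """Return (short, ports, protocols): ports is a set of (proto, number)
    tuples with ranges expanded; protocols is the set of bare IP protocols."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    short = (root.findtext("short") or "").strip()
    ports = set()
    for p in root.findall("port"):
        proto, spec = p.get("protocol"), p.get("port")
        if proto not in ("tcp", "udp", "sctp", "dccp") or not spec:
            raise ValueError(f"bad port element: {proto!r} {spec!r}")
        lo, _, hi = spec.partition("-")          # "5000-5002" or "5201"
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"port out of range: {spec}")
        ports.update((proto, n) for n in range(lo, hi + 1))
    protocols = {pr.get("value") for pr in root.findall("protocol")}
    return short, ports, protocols

def services_opening(services, proto, port):
    """Name every service (hypothetical helper) whose definition opens proto/port."""
    hits = [name for name, xml_text in services.items()
            if (proto, port) in parse_service(xml_text)[1]]
    return sorted(hits)
```

Pointing `SAMPLE_SERVICES` at the real definitions on a host turns `services_opening` into a quick audit of which enabled services expose a port.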
Key changes in the firewalld 2.2 release include:
- Added services for the STUN and STUNS protocols.
- Added a service for Steam traffic within a local network.
- Added a service for the MNDP protocol (MikroTik Neighbor Discovery Protocol).
- Added a service for the xrootd file server.
- Added a service for the WS-Discovery protocol (Web Services Dynamic Discovery).
- Added services for the iperf2 and iperf3 network throughput measurement utilities.
- Allowed the use of nftables tables with the "owner" and "persist" flags.
- Added support for the rpfilter (reverse path filter) operating modes "loose-forward" and "loose".