linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-24 23:32:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
0a0e996387
glfs/archive/firewalld.xml
Xi Ruoyao 45ab6c70c2
more SVN prop clean up 
Remove "$LastChanged$" everywhere, and also some unused $Date$
2021-04-20 19:12:02 +08:00

336 lines
11 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY firewalld-download-http "https://github.com/firewalld/firewalld/releases/download/v&firewalld-version;/firewalld-&firewalld-version;.tar.gz">
<!ENTITY firewalld-download-ftp " ">
<!ENTITY firewalld-md5sum "644a8970b43fcf875178ae3bec640db4">
<!ENTITY firewalld-size "1.6 MB">
<!ENTITY firewalld-buildsize "19 MB (additionall 2 MB for tests)">
<!ENTITY firewalld-time "less than 0.1 SBU (add 6.2 SBU for tests)">
]>
<sect1 id="firewalld" xreflabel="firewalld-&firewalld-version;">
<?dbhtml filename="firewalld.html"?>
<sect1info>
<date>$Date$</date>
</sect1info>
<title>firewalld-&firewalld-version;</title>
<indexterm zone="firewalld">
<primary sortas="a-firewalld">firewalld</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to firewalld</title>
<para>
The <application>firewalld</application> package provides a dynamically
managed firewall with support for network or firewall zones to define the
trust level of network connections or interfaces. It has support for
IPv4, IPv6 firewall settings and for ethernet bridges and a separation of
runtime and permanent configuration options. It also provides an
interface for services or applications to add nftables or iptables and
ebtables rules directly.
</para>
&lfs90_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&firewalld-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&firewalld-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &firewalld-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &firewalld-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &firewalld-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &firewalld-time;
</para>
</listitem>
</itemizedlist>
<bridgehead renderas="sect3">firewalld Dependencies</bridgehead>
<bridgehead renderas="sect4">Required</bridgehead>
<para role="required">
<xref linkend="nftables"/>,
and <xref linkend="python-slip"/>
</para>
<bridgehead renderas="sect4">Recommended</bridgehead>
<para role="recommended">
<xref linkend="DocBook"/>,
<xref linkend="iptables"/>, and
<xref linkend="libxslt"/> (for building the manual pages)
</para>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="gtk3" role="runtime"/> (runtime only, required for
<application>fireall-config</application>),
<xref linkend="qt5" role="runtime"/> (runtime only, required for
<application>fireall-applet</application>), and
<ulink url="https://netfilter.org/projects/ipset/index.html">ipset</ulink>
for ipset support (only when used with iptables)
</para>
<para condition="html" role="usernotes">User Notes:
<ulink url="&blfs-wiki;/firewalld"/>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of firewalld</title>
<para>
Install <application>firewalld</application> by
running the following commands:
</para>
<screen revision="systemd"><userinput>PYTHON=/usr/bin/python3 \
./configure --sysconfdir=/etc \
--without-ipset &amp;&amp;
make</userinput></screen>
<screen revision="sysv"><userinput>PYTHON=/usr/bin/python3 \
./configure --sysconfdir=/etc \
--without-ipset \
--disable-systemd &amp;&amp;
make</userinput></screen>
<para>
The testsuite for <application>firewalld</application> is very dependent
on the running kernel and system configuration. It requires
<application>ipset</application> as well as both backends, and all
supported kernel options available.
</para>
<para>
If the above conditions are met, run the testsuite as the
<systemitem class="username">root</systemitem> user with the command
<command>make -C src check</command>. Any test failures are likely the
result of an incomplete configuration. Failed tests will give a detailed
failure status at
<filename>src/test/testsuite.dir/&lt;###&gt;/testsuite.log</filename>.
</para>
<para revision="sysv">
Prevent installation of the distributed firewalld init script with the
following command:
</para>
<screen revision="sysv"><userinput>sed '/^am__append_3/,+1d' -i config/Makefile</userinput></screen>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<parameter>--without-ipset</parameter>: This switch disables use of the
<command>ipset</command> utility. Omit if it is installed.
</para>
<para revision="sysv">
<parameter>--disable-systemd</parameter>: This command prevents
installation of <application>systemd</application> services.
</para>
<para>
<option>--without-{ip{,6},eb}tables{,-restore}</option>: These switches
disable <application>iptables</application> support and are required if
you wish to build without iptables support.
</para>
</sect2>
<sect2 role="configuration">
<title>Configuring firewalld</title>
<sect3 id="firewalld-conf">
<title>Config Files</title>
<para>
<filename>/etc/firewall/applet.conf</filename>,
<filename>/etc/firewalld/firewalld.conf</filename>,
and <filename>/etc/sysconfig/firewalld</filename>
</para>
<indexterm zone="firewalld firewalld-conf">
<primary sortas="e-etc-firewalld.conf">/etc/firewalld/firewalld.conf</primary>
</indexterm>
<para>
Configuration of <application>firewalld</application> is generally done
without modification of the above configuration files using the
<command>firewall-cmd</command> command. Within the above configuration
files you can set daemon behavior only. E.g.: whether runtime rules are
retained on restart, which firewall backend to use (default is
nftables), or whether to turn on debugging.
</para>
<para>
Detailed documentation is provided by the
<application>firewalld</application> developers at
<ulink url="https://firewalld.org/documentation/"/>.
</para>
</sect3>
<sect3 id="firewalld-init">
<title><phrase revision="sysv">Init Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para revision="sysv">
If you need to run the <command>firewalld</command> daemon at system
startup, install the <filename>/etc/rc.d/init.d/firewalld</filename>
init script included in the
<xref linkend="bootscripts"/> package using the following command:
</para>
<para revision="systemd">
If you need to run the <command>firewalld</command> daemon at system
startup, enable the previously installed
<filename>firewalld.service</filename> unit with the following command:
</para>
<indexterm zone="firewalld firewalld-init">
<primary sortas="f-firewalld">firewalld</primary>
</indexterm>
<screen role="root" revision="sysv"><userinput>make install-firewalld</userinput></screen>
<screen role="root" revision="systemd"><userinput>systemctl enable firewalld</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>
firewall-applet, firewall-cmd, firewall-config, firewall-offline-cmd,
and firewalld
</seg>
<seg>
None
</seg>
<seg>
/etc/firewalld,
/etc/firewall,
/usr/lib/firewalld, and
/usr/lib/python-&python3-version;/site-packages/firewall
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="firewall-applet">
<term><command>firewall-applet</command></term>
<listitem>
<para>
is a tray applet using QSettings backend.
</para>
<indexterm zone="firewalld firewall-applet">
<primary sortas="b-firewall-applet">firwall-applet</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="firewall-cmd">
<term><command>firewall-cmd</command></term>
<listitem>
<para>
is the primary command line frontend.
</para>
<indexterm zone="firewalld firewall-cmd">
<primary sortas="b-firewall-cmd">firewall-cmd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="firewall-config">
<term><command>firewall-config</command></term>
<listitem>
<para>
is a GUI configuration tool using GTK+-3.
</para>
<indexterm zone="firewalld firewall-config">
<primary sortas="b-firewall-config">firewall-config</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="firewall-offline-cmd">
<term><command>firewall-offline-cmd</command></term>
<listitem>
<para>
is a command line client used for permanent configuration while
firewalld is not running.
</para>
<indexterm zone="firewalld firewall-offline-cmd">
<primary sortas="b-firewall-offline-cmd">firewall-offline-cmd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="firewalld-daemon">
<term><command>firewalld</command></term>
<listitem>
<para>
is the Dynamic Firewall Manager daemon.
</para>
<indexterm zone="firewalld firewalld-daemon">
<primary sortas="b-firewalld">firewalld</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink