RHEL / RHEL-33557

[RHEL EPIC] GA Firewalld Support RHEL 10


    • rhel-container-tools
    • 3
    • QE ack, Dev ack, Docs ack, PXE ack
    • Red Hat Enterprise Linux
      The following needs to be verified in order for this epic to be considered complete:

      As noted in the description. With the firewall configured via the firewalld CLI, the container will operate as it would if the rules had been created through Podman's private iptables/nftables rules.

    • Enhancement
      Netavark support for `firewalld` service is available:

      With this update, Netavark now supports the `firewalld` service as a firewall backend, allowing system administrators to manage all firewall functionality, including Podman-related rules, through the `firewall-cmd` command line.

      This enhancement provides a more native and integrated experience for users who prefer to use `firewalld` and have it manage Podman's rules in a compatible way. The backend must be explicitly configured in the `containers.conf` file, and `firewalld` must be active and running for this feature to function correctly. This optional feature offers an alternative to the default nftables/iptables backends for Netavark.
    • In Progress

      Description

      Bring Netavark support for Firewalld up to GA.

      SME: Matt Heon

      (The following is a slightly edited Slack conversation with mheon@redhat.com)

      This adds native support for firewalld as a firewall backend for Netavark. We have previously supported working on firewalld systems via the iptables and nftables drivers, but this was not native support - we were adding our own iptables/nftables rules. Native support allows us to be managed through the firewalld CLI (firewall-cmd). This is a benefit for a few customers.

      Things will function exactly as they do with the nftables driver with the benefit that we will support systems that do not include iptables but the caveat that firewalld must be active and running. If the user does not have firewalld active and running, nftables should be preferred.

      Note that all Netavark features will function as they did with nftables, the difference is the backend.

      Goals

      For users that already use, or want to use, Firewalld and would prefer that Podman manage its rules in a compatible way.

      Requirements

      The Netavark work is done for nftables. This card tracks the firewalld backend as a release feature, which depends on certain code being released in firewalld and then on work completed in Netavark to make use of it.
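The release note and the description above both state the two operational rules for this feature: the backend has to be selected explicitly in `containers.conf`, and `firewalld` must be active and running, otherwise nftables should be preferred. The following script, added here as an example and not code from this issue, Netavark or Podman, encodes those rules: it maps the firewalld service state to the driver to configure and writes the `containers.conf` drop-in that selects it. It assumes the `firewall_driver` key of the `[network]` table in `containers.conf` and the `/etc/containers/containers.conf.d/` drop-in directory, and that `systemctl is-active firewalld` prints `active` when the service is running; the file name `50-firewall.conf` is a hypothetical choice.

```shell
#!/bin/sh
# Added example (not part of RHEL-33557, Netavark or Podman): choose the
# Netavark firewall driver from the firewalld service state and emit the
# containers.conf fragment that pins it.
# Assumed: the [network] table key `firewall_driver` in containers.conf, the
# drop-in directory /etc/containers/containers.conf.d/, and that
# `systemctl is-active firewalld` reports "active" when firewalld is running.

# Map firewalld's state (the output of `systemctl is-active firewalld`) to the
# driver to configure: "firewalld" only when the service is active, otherwise
# "nftables", which the issue recommends when firewalld is not running.
select_firewall_driver() {
    case "$1" in
        active) echo firewalld ;;
        *)      echo nftables ;;
    esac
}

# Write a containers.conf drop-in that selects the given driver.
# $1 = driver name, $2 = destination path. Rejects names Netavark does not know.
write_driver_fragment() {
    driver="$1"
    dest="$2"
    case "$driver" in
        firewalld|nftables|iptables) ;;
        *) echo "unsupported firewall driver: $driver" >&2; return 1 ;;
    esac
    printf '[network]\nfirewall_driver = "%s"\n' "$driver" > "$dest"
}

# Read the driver back out of a fragment so the result can be verified.
fragment_driver() {
    sed -n 's/^firewall_driver = "\(.*\)"$/\1/p' "$1"
}

# Stand-alone run: probe the real host when systemctl exists, otherwise use a
# constructed "inactive" state so the script still runs offline.
if command -v systemctl >/dev/null 2>&1; then
    state=$(systemctl is-active firewalld 2>/dev/null || true)
else
    state=inactive   # constructed sample state
fi
driver=$(select_firewall_driver "$state")
tmp=$(mktemp)
write_driver_fragment "$driver" "$tmp"
echo "firewalld is '$state'; fragment for /etc/containers/containers.conf.d/50-firewall.conf:"
cat "$tmp"
rm -f "$tmp"
```

Run it as root on the host being configured and copy the printed fragment into the drop-in directory; the choice is made once at configuration time, so if firewalld is later stopped the fragment must be revisited, because the page states the backend only works while the service is active.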
