Epic
Resolution: Unresolved
Normal
rhel-10.0.beta
[RHEL EPIC] GA Firewalld Support - RHEL 10.0 Beta
Red Hat Enterprise Linux
sst_container_tools
23
False
Yes
QE ack, Dev ack, Docs ack, PXE ack
Enhancement
TBD
Description
Bring Netavark support for Firewalld up to GA.
SME: Matt Heon
(The following is a slightly edited Slack conversation with mheon@redhat.com )
This adds native support for firewalld as a firewall backend for Netavark. We have previously supported working on firewalld systems via the iptables and nftables drivers, but this was not native support - we were adding our own iptables/nftables rules. Native support allows us to be managed through the firewalld CLI (firewall-cmd). This is a benefit for a few customers.

Things will function exactly as they do with the nftables driver, with the benefit that we will support systems that do not include iptables but the caveat that firewalld must be active and running. If the user does not have firewalld active and running, nftables should be preferred.

Note that all Netavark features will function as they did with nftables; the difference is the backend.
Goals
For users that already use, or want to use, Firewalld and would prefer that Podman manage its rules in a compatible way.
Requirements
The Netavark work is done for nftables; this card tracks it as a release feature, which depends on certain code being released in firewalld and then on work completed in Netavark to make use of it.
- depends on: RHEL-27842 [RFE] Explicit addition of the port to firewalld by the admin before forwarding (Planning)
- is cloned by: RHEL-33558 [RHEL EPIC] GA Firewalld Support - RHEL 9.5 (In Progress)