RHEL-33558

[RHEL EPIC] GA Firewalld Support - RHEL 9.5

    • [RHEL EPIC] GA Firewalld Support - RHEL 10.0 Beta
      The following needs to be verified in order for this epic to be considered complete:

      As noted in the description. With firewall configured via the firewalld CLI, the container will operate as it would if the rules were created through Podman's private iptables/nftables rules.
    • Red Hat Enterprise Linux
    • sst_container_tools
    • 23
    • False
    • None
    • Yes
    • QE ack, Dev ack, Docs ack, PXE ack
    • Enhancement
    • TBD

      Description

      Bring Netavark support for Firewalld up to GA.

      SME: Matt Heon

      (The following is a slightly edited Slack conversation with mheon@redhat.com)

      This adds native support for firewalld as a firewall backend for Netavark. We have previously supported working on firewalld systems via the 
      iptables and nftables drivers, but this was not native support - we were adding our own iptables/nftables rules. Native support allows us to 
      be managed through the firewalld CLI (firewall-cmd). This is a benefit for a few customers.

      Things will function exactly as they do with the nftables driver with the benefit that we will support systems 
      that do not include iptables but the caveat that firewalld must be active and running. If the user does not 
      have firewalld active and running, nftables should be preferred.

      Note that all Netavark features will function as they did with nftables, the difference is the backend.

      Goals

      For users who already use or want to use firewalld and would prefer that Podman manage its rules in a compatible way.

      Requirements

      The Netavark work is done for nftables. This card is for tracking it as a release feature, which depends on certain code being released in firewalld and then on work being completed in Netavark to make use of it.

       

            Tom Sweeney (tsweeney@redhat.com)
            Container Runtime Eng Bot
            Container Runtime Bugs Bot
            Gabriela Necasova