Container Tools / RUN-3273

[RHEL EPIC] [QE Test] GA Firewalld Support - RHEL 10.2

    • [RHEL EPIC] GA Firewalld Support - RHEL 10.2
    • To Do
    • RHELBU-2706 - Native Firewalld Support
    • rhel-container-tools
    • .Native `firewalld` support in Netavark

      Netavark now supports `firewalld` as a firewall backend; the backend has to be configured in the `containers.conf` file. With this update, Netavark integrates directly with `firewalld`, allowing firewall management through the `firewall-cmd` command-line interface.
      Note that `firewalld` must be active and running for native support to work.
      If `firewalld` is not running, `nftables` remains the recommended fallback.
    • Enhancement
    • Proposed
    • Red Hat Enterprise Linux

      Description

      Bring Netavark support for Firewalld up to GA.

      SME: Matt Heon

      (The following is a slightly edited Slack conversation with mheon@redhat.com )

      This adds native support for firewalld as a firewall backend for Netavark. We have previously supported working on firewalld systems via the 
      iptables and nftables drivers, but this was not native support - we were adding our own iptables/nftables rules. Native support allows us to 
      be managed through the firewalld CLI (firewall-cmd). This is a benefit for a few customers.

      Things will function exactly as they do with the nftables driver with the benefit that we will support systems 
      that do not include iptables but the caveat that firewalld must be active and running. If the user does not 
      have firewalld active and running, nftables should be preferred.

      Note that all Netavark features will function as they did with nftables; the difference is the backend.

      Goals

      For users who already use or want to use Firewalld and would prefer that Podman manage its rules in a compatible way.

      Requirements

      The Netavark work is done for nftables; this card is for tracking it as a release feature, which depends on certain code being released in firewalld and then work completed in netavark to make use of it.
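
An added example, not part of the ticket or of Netavark: it picks the backend according to the rule in the release note above (native `firewalld` only when the daemon is running, `nftables` otherwise) and writes it as a `containers.conf` drop-in. The `firewall_driver` key in the `[network]` table comes from containers.conf(5), not from this ticket; the drop-in file name and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: choose Netavark's firewall backend from firewalld's state.

# Print "running" only if firewalld answers as running.
# `firewall-cmd --state` exits 0 only when the daemon is active.
firewalld_state() {
    if command -v firewall-cmd >/dev/null 2>&1 &&
       firewall-cmd --state >/dev/null 2>&1; then
        echo "running"
    else
        echo "not running"
    fi
}

# Map the state to a driver name: native firewalld support needs the
# daemon up; any other state gets the recommended nftables fallback.
choose_driver() {
    case "$1" in
        running) echo "firewalld" ;;
        *)       echo "nftables" ;;
    esac
}

# Render the containers.conf fragment for the given driver.
render_dropin() {
    printf '[network]\nfirewall_driver = "%s"\n' "$1"
}

# Write the fragment into a drop-in directory and print the driver chosen.
# The file name 50-netavark-firewall.conf is an assumption.
apply_dropin() {
    dir="${1:-/etc/containers/containers.conf.d}"
    driver="$(choose_driver "$(firewalld_state)")"
    mkdir -p "$dir"
    render_dropin "$driver" > "$dir/50-netavark-firewall.conf"
    echo "$driver"
}
```

Calling `apply_dropin` with no argument writes to `/etc/containers/containers.conf.d` and needs root; pass a directory to write the fragment elsewhere for review first.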

              ypu@redhat.com Yiqiao Pu
              tsweeney@redhat.com Tom Sweeney
              Container Runtime Eng Bot
              Yuhui Jiang
              Gabriela Necasova