kimchi-project / ginger

WoK plugin for host management

firewall zones configuration for the network interfaces #107

Open potula-chandra opened 8 years ago

potula-chandra commented 8 years ago

Listing the firewall zones and giving the end user the option of configuring the firewall zone for the network interface would be a good feature to have.

Zone management:

Also, a new concept of zone appears: all network interfaces can be located in the same default zone or divided into different ones according to the levels of trust defined.

To get the default zone, type:

firewall-cmd --get-default-zone

public

To get the list of zones where you’ve got network interfaces assigned to, type:

firewall-cmd --get-active-zones

public
  interfaces: eth0

To get the list of all the available zones, type:

firewall-cmd --get-zones

block dmz drop external home internal public trusted work

To get all the details about the public zone, type:

firewall-cmd --zone=public --list-all

public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

danielhb commented 8 years ago

At first glance firewall-cmd isn't available for Ubuntu, so this feature would be Fedora/RHEL only.

Make sure to implement the is_feature_available API properly. Actually we should've done that with the cfginterfaces model already ...

danielhb commented 8 years ago

I'll have a crack at this when I have the chance.

If anyone is in a rush for this let me know and I'll reassign the issue
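Added example (not code from this thread or from the ginger project): parsing the `firewall-cmd --get-active-zones` output quoted in the first comment, gating on `firewall-cmd` being installed, and validating a user-chosen zone and interface before they reach the command line. The body of `is_feature_available`, the other helper names, the name allow-list and the sample text are assumptions; `--change-interface` is a firewall-cmd option not mentioned in the thread.

```python
import re
import shutil
import subprocess

# Conservative allow-list for interface names (an assumption, not firewalld's own
# rule). A leading "-" is rejected so the value can never be read as an option.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,15}")

# Constructed sample in the layout firewall-cmd --get-active-zones prints.
SAMPLE_ACTIVE = ("public\n  interfaces: eth0\n"
                 "work\n  interfaces: eth1 eth2\n  sources: 10.0.0.0/24\n")

def is_feature_available():
    """True only on hosts that ship firewall-cmd (hypothetical body)."""
    return shutil.which("firewall-cmd") is not None

def firewall_cmd(*args):
    """Run firewall-cmd with an argument list (no shell) and return stdout."""
    return subprocess.run(["firewall-cmd", *args], check=True,
                          capture_output=True, text=True).stdout

def parse_active_zones(text):
    """Map each zone to its interfaces from --get-active-zones output."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # an unindented line starts a zone
            current = line.split()[0]
            zones[current] = []
        elif current is not None:
            key, _, value = line.strip().partition(":")
            if key == "interfaces":
                zones[current] = value.split()
    return zones

def change_zone_args(zone, iface, known_zones):
    """Validate user input and build arguments for moving iface into zone."""
    if zone not in known_zones:            # e.g. the --get-zones list
        raise ValueError("unknown zone: %r" % zone)
    if not NAME_RE.fullmatch(iface):
        raise ValueError("invalid interface name: %r" % iface)
    return ["--zone=" + zone, "--change-interface=" + iface]

if __name__ == "__main__":
    print(parse_active_zones(SAMPLE_ACTIVE))
    if is_feature_available():
        print(parse_active_zones(firewall_cmd("--get-active-zones")))
```
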