RHEL 7.3 Firewalld new features.

From RHEL 7.0 to RHEL 7.2, Firewalld didn’t really evolve (v0.3.9.7 -> v0.3.9.14). It was mainly a matter of bug fixes.

As usual with Red Hat (Systemd already showed it), new Firewalld features are triggered by backport difficulties: as new bugs are found, fixes are applied but, at some point, this becomes too difficult to maintain and an upgrade to a completely new software version is necessary, bringing a new set of features as an additional bonus.

The new version of Firewalld (v0.4.3.2) included in RHEL 7.3 comes with the following features:

  • performance improvements: Firewalld starts and restarts significantly faster thanks to the new transaction model which groups together rules that are applied simultaneously.
  • ebtables support: tables of rules similar to iptables but for Ethernet frames, ebtables, are now supported and can be used in direct chains and rules.
  • better zone management: zone settings (connections, interfaces and sources) can be specified in NetworkManager, in Firewalld or in the ifcfg files.
  • ipset support: ability to create a set of IP addresses or networks used as zone sources, within rich and direct rules.
  • MAC address management: ability to specify a MAC address to define a source.
  • new firewall-cmd options: --info-zone displays details about a given zone, --info-service about a given service and --info-ipset about a given ipset.
  • easier troubleshooting: with the new LogDenied directive in the /etc/firewalld/firewalld.conf file, the user can easily debug and log denied packets.
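
The ipset and LogDenied features above combined into one procedure, as an added example that is not part of the original post: an ipset of source networks is bound to the drop zone, and LogDenied is switched on so the dropped packets are logged. The set name `blocklist`, the `FWCMD` override and the documentation-range networks in the usage comment are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example (not from the original post).
# FWCMD can be overridden for a dry run, e.g. FWCMD=echo.
FWCMD="${FWCMD:-firewall-cmd}"

# Values accepted by the LogDenied directive in firewalld.conf.
valid_log_denied() {
    case "$1" in
        all|unicast|broadcast|multicast|off) return 0 ;;
        *) return 1 ;;
    esac
}

# set_log_denied CONF VALUE: rewrite the LogDenied line, or append it if missing.
# Refuses unknown values so a typo cannot leave logging silently disabled.
set_log_denied() {
    local conf="$1" value="$2"
    valid_log_denied "$value" || { echo "invalid LogDenied value: $value" >&2; return 1; }
    if grep -q '^LogDenied=' "$conf"; then
        sed -i "s/^LogDenied=.*/LogDenied=$value/" "$conf"
    else
        printf 'LogDenied=%s\n' "$value" >> "$conf"
    fi
}

# block_sources NAME CIDR...: create a hash:net ipset, fill it, and use it
# as a source of the drop zone so traffic from those networks is dropped.
block_sources() {
    local name="$1" net
    shift
    $FWCMD --permanent --new-ipset="$name" --type=hash:net || return 1
    for net in "$@"; do
        $FWCMD --permanent --ipset="$name" --add-entry="$net" || return 1
    done
    $FWCMD --permanent --zone=drop --add-source="ipset:$name" || return 1
    $FWCMD --reload
}

# Usage on a RHEL 7.3 host, as root (constructed values):
#   block_sources blocklist 192.0.2.0/24 198.51.100.0/24
#   set_log_denied /etc/firewalld/firewalld.conf all && systemctl restart firewalld
#   firewall-cmd --info-ipset=blocklist
#   firewall-cmd --info-zone=drop
```

With LogDenied enabled, the denied packets are written to the kernel log, which is where to look when checking that the zone source matches as intended.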

As usual, the Firewalld dedicated page has been updated with the new available features and lots of details.
