PR#487: Issue 396 - firewalld now uses nftables as its default backend - fedora-docs/release-notes - Pagure.io

fedora-docs / release-notes

#487 Issue 396 - firewalld now uses nftables as its default backend

Merged 5 years ago by pbokoc. Opened 5 years ago by pbokoc.

fedora-docs/ pbokoc/release-notes iss396 into f32

Issue 396 - firewalld now uses nftables as its default backend

Petr Bokoc • 5 years ago

272bf29

modules/release-notes/pages/sysadmin/Security.adoc

file modified

+12

		`@@ -3,3 +3,15 @@`

		`[[sect-security]]`
		`= Security`
		`+`
		`+ == firewalld now uses nftables as its default backend`
		`+`
		+ With this release, the `nftables` filtering subsystem becomes the default firewall backend for the `firewalld` daemon.
		+ To change the backend, use the `FirewallBackend` option in the `/etc/firewalld/firewalld.conf` file.
		+ This change introduces the following differences in behavior when using `nftables`:
		+ * `iptables` rule executions always occur _before_ `firewalld` rules
		+ ** `DROP` in `iptables` means a packet is never seen by `firewalld`
		+ ** `ACCEPT` in `iptables` means a packet is still subject to `firewalld` rules
		+ * direct-rule execution occurs _before_ `firewalld` generic acceptance of established connections
		`+`
		`+ For more information, see link:https://firewalld.org/2018/07/nftables-backend[] and link:https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables[].`

pbokoc commented 5 years ago

Fixes #396

Metadata

Assignee

None

Tags

No Tags

Changes Summary 1

file changed

modules/release-notes/pages/sysadmin/Security.adoc

Powered by Pagure 5.14.1

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.