Hello,
there is no Xfce live iso in RC-1.2:
https://dl.fedoraproject.org/pub/alt/stage/29_RC-1.2/Spins/x86_64/iso/
It has been available in beta-1.5:
https://dl.fedoraproject.org/pub/alt/stage/29_Beta-1.5/Spins/x86_64/iso/Fedora-Xfce-Live-x86_64-29_Beta-1.5.iso
It is also available in
Hello,
the transaction model that has been introduced with firewalld-0.4.2 makes it
possible to group rules together and to apply them at once and quick. For this
the restore commands of iptables, ip6tables and ebtables are used as long as
they are available.
At the moment the transaction model
Hello,
On 03/22/2016 09:47 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Tue, Mar 22, 2016 at 06:01:14PM +0100, Phil Sutter wrote:
Hi,
I am in the process of splitting the 'tc' utility off from iproute
package. The motivation for this comes from two things:
1) Due to it's xt/ipt action, tc
On 07/14/2015 12:40 AM, opensou...@till.name wrote:
prelink jakub, mjw60 weeks ago
...
twoerner: prelink
There seems to be a bug in your script ...
--
devel mailing list
devel@lists.fedoraproject.org
On 12/09/2014 03:57 PM, Christian Schaller wrote:
- Original Message -
From: Brian Wheeler bdwhe...@indiana.edu
To: devel@lists.fedoraproject.org
Sent: Tuesday, December 9, 2014 9:18:47 AM
Subject: Re: Workstation Product defaults to wide-open firewall
On 12/09/2014 08:50 AM,
On 12/08/2014 12:51 PM, Bastien Nocera wrote:
- Original Message -
Am 08.12.2014 um 12:34 schrieb Bastien Nocera:
Am 08.12.2014 um 11:45 schrieb Bastien Nocera:
Well, I'll understand these aspects.
But when I think about Linux, especially about Fedora, I'm thinking
about the
On 12/08/2014 10:50 AM, Bastien Nocera wrote:
- Original Message -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
We don't need open or preconfigured high ports.
What we really need is a user notification with options to allow or
deny like we do with SELinux.
That would be a
On 12/08/2014 03:12 PM, Bastien Nocera wrote:
- Original Message -
On 12/08/2014 12:51 PM, Bastien Nocera wrote:
snip
This is wrong and you know about that - the firewalld folks have been
urged to use this zone for the Workstation product - it was a
Workstation team decision.
On 12/08/2014 03:45 PM, Bastien Nocera wrote:
- Original Message -
On 12/08/2014 03:12 PM, Bastien Nocera wrote:
- Original Message -
On 12/08/2014 12:51 PM, Bastien Nocera wrote:
snip
This is wrong and you know about that - the firewalld folks have been
urged to use
On 07/08/2014 01:20 AM, Ian Pilcher wrote:
On 07/07/2014 12:03 PM, Thomas Woerner wrote:
On 07/07/2014 02:55 PM, Stephen Gallagher wrote:
Thomas, the real question here is this: If a package wants to install
(and maintain) its own set of firewalld service definitions, is the
approach Stef took
On 07/07/2014 02:55 PM, Stephen Gallagher wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/04/2014 07:36 AM, Thomas Woerner wrote:
On 07/03/2014 09:32 PM, Stef Walter wrote:
On 03.07.2014 15:39, Rex Dieter wrote:
I'm looking into providing a predefined firewalld service
definition
Is this the recommended approach? If so, I'll follow this lead, and maybe
start work on drafting some packaging guidelines.
Thomas Woerner would be the one to work out those guidelines.
Yes.
But to explain ... apparently there are two firewalld environments.
When you install a service file
On 04/28/2014 08:09 PM, Florian Weimer wrote:
On 04/28/2014 12:42 PM, David Woodhouse wrote:
Actually, I think the best way to fix this is with SELinux, rather than
iptables. Why go for an overly complex solution where authorised
processes have to prod a firewall dæmon to change the iptables
On 04/22/2014 09:17 PM, Russell Doty wrote:
On Tue, 2014-04-22 at 15:04 -0400, Simo Sorce wrote:
On Tue, 2014-04-22 at 14:41 -0400, Russell Doty wrote:
On Tue, 2014-04-22 at 14:23 -0400, Simo Sorce wrote:
On Tue, 2014-04-22 at 13:22 -0400, Russell Doty wrote:
On Tue, 2014-04-22 at 19:01
On 04/21/2014 12:22 AM, drago01 wrote:
On Mon, Apr 21, 2014 at 12:02 AM, Reindl Harald h.rei...@thelounge.net wrote:
* there are network services enabled by default
Again that's a bug and a viloation of the guidelines. Which services
are you talking about?
Please file bugs.
* avahi is one
On 04/15/2014 09:14 PM, Michael Cronenworth wrote:
Christian Schaller wrote:
We already allow that and have for a long while. Any application
bothering to support the firewalld dbus interface can open any port
they wish to.
Good luck getting software to add this.
A more sensible option would
On 04/15/2014 10:49 PM, Matthias Clasen wrote:
On Tue, 2014-04-15 at 20:41 +0200, Thomas Woerner wrote:
What you need is clearly different zones that the user can configure
and associate to networks, with the default being that you trust nothing
and everything is firewalled when you roam
On 04/16/2014 01:11 AM, William Brown wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
On Tue, 2014-04-15 at 20:41 +0200, Thomas Woerner wrote:
What you need is clearly different zones that the user can configure
and associate to networks, with the default being that you
On 04/16/2014 02:18 AM, Chuck Anderson wrote:
On Tue, Apr 15, 2014 at 07:28:35PM -0400, Simo Sorce wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
You have connected to an new network. If this is a public network, you
may want to stop sharing your Music and disable Remote
On 04/16/2014 02:28 PM, Josh Boyer wrote:
On Wed, Apr 16, 2014 at 7:11 AM, Ian Malone ibmal...@gmail.com wrote:
On 16 April 2014 00:11, William Brown will...@firstyear.id.au wrote:
On Tue, 2014-04-15 at 13:49 -0700, Matthias Clasen wrote:
I don't think we want a 'firewall' UI anyway; the
On 04/16/2014 06:43 PM, Tomasz Torcz wrote:
On Wed, Apr 16, 2014 at 12:32:02PM -0400, Simo Sorce wrote:
I think what you are describing could be probably realized with SELinux
today, just with a special setroubleshoot frontend that catches the AVC
when the service tries to listen and ask the
On 04/15/2014 04:28 PM, Christian Schaller wrote:
- Original Message -
From: Reindl Harald h.rei...@thelounge.net
To: devel@lists.fedoraproject.org
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change: Workstation: Disable firewall
Am 15.04.2014 11:32,
On 04/15/2014 04:42 PM, Reindl Harald wrote:
Am 15.04.2014 16:28, schrieb Christian Schaller:
- Original Message -
From: Reindl Harald h.rei...@thelounge.net
To: devel@lists.fedoraproject.org
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change: Workstation:
On 04/15/2014 04:37 PM, Simo Sorce wrote:
On Tue, 2014-04-15 at 10:28 -0400, Christian Schaller wrote:
- Original Message -
From: Reindl Harald h.rei...@thelounge.net
To: devel@lists.fedoraproject.org
Sent: Tuesday, April 15, 2014 11:40:20 AM
Subject: Re: F21 System Wide Change:
Hello,
On 10/09/2013 02:07 PM, Jaroslav Reznik wrote:
= Proposed System Wide Change: Python 3 as the Default Implementation =
https://fedoraproject.org/wiki/Changes/Python_3_as_Default
Note: Change requested by FESCo in advance for targeted Fedora.
firewalld is now fully compatible to
On 10/02/2013 10:37 AM, Miroslav Suchý wrote:
On 10/02/2013 08:33 AM, Mateusz Marzantowicz wrote:
I've found this page [1] with following content:
- Targeted release: Fedora 16
- Last updated: 2011-06-27
- Percentage of completion: 10%
Is it OK to have feature which is 10% complete and is
On 09/20/2013 09:05 PM, P J P wrote:
Hi,
- Original Message -
From: Thomas Woerner twoer...@redhat.com
Subject: Re: About F19 Firewall
1) Separate zones.
NM connections, interfaces and source addresses or ranges can be bound
to zones. The initial default zone is public and all
On 09/20/2013 10:10 PM, P J P wrote:
Hi,
- Original Message -
From: Thomas Woerner twoer...@redhat.com
Subject: Re: About F19 Firewall
If a static firewall configuration fits your needs, just disable
firewalld and use the ip*tables firewall services:
Static? Oh my...! Firewalld
On 09/24/2013 05:15 PM, P J P wrote:
Hello Thomas,
- Original Message -
From: Thomas Woerner twoer...@redhat.com
Subject: Re: About F19 Firewall
You have to make sure where you are adding new rules. Here is a simple
example where you want to drop everything from 192.168.1.18
On 09/21/2013 12:08 AM, Mateusz Marzantowicz wrote:
On 20.09.2013 22:23, Björn Persson wrote:
Anyone can broadcast an SSID. How does FirewallD authenticate the
network connection?
FirewallD is not responsible for such authentication/AP validation.
Firewall as such is not meant to assure
On 09/21/2013 12:22 AM, Chuck Anderson wrote:
On Fri, Sep 20, 2013 at 04:17:21PM +0200, Thomas Woerner wrote:
If a static firewall configuration fits your needs, just disable
firewalld and use the ip*tables firewall services:
https://fedoraproject.org/wiki/FirewallD?rd=FirewallD
On 09/24/2013 06:53 PM, Thomas Woerner wrote:
On 09/21/2013 12:22 AM, Chuck Anderson wrote:
On Fri, Sep 20, 2013 at 04:17:21PM +0200, Thomas Woerner wrote:
If a static firewall configuration fits your needs, just disable
firewalld and use the ip*tables firewall services:
https
On 09/15/2013 08:52 PM, P J P wrote:
Hi,
I upgraded to F19 recently. And I happened to look at the output of iptables(8)
today.
$ iptables -nL
It's baffling! It's crazy 4 pages long listing!!
Why
are there so many chains? Most are empty. Those which have rules, jump
from one
Hello,
On 09/16/2013 07:55 AM, P J P wrote:
Hello Tomasz,
- Original Message -
From: Tomasz Torcz to...@pipebreaker.pl
Subject: Re: About F19 Firewall
You seem to have missed this Fedora *18* feature:
https://fedoraproject.org/wiki/Features/firewalld-default
firewall-cmd is
On 09/17/2013 07:21 AM, P J P wrote:
- Original Message -
From: P J P pj.pan...@yahoo.co.in
Subject: About F19 Firewall
It doesn't have to be so complicated that even if one tries to understand it,
he/she can not. :(
This small script seems to work good.
===
#!/bin/sh
#
#
On 09/18/2013 08:16 AM, P J P wrote:
Hello,
- Original Message -
From: Mateusz Marzantowicz mmarzantow...@osdf.com.pl
Subject: Re: About F19 Firewall
Maybe, true but I doubt that simpler set of rules, that never get
audited, written by inexperienced users are more secure than
On 09/20/2013 04:15 PM, Matthew Miller wrote:
On Tue, Sep 17, 2013 at 04:50:06PM +0200, Mateusz Marzantowicz wrote:
It's written in Python and so what? Interpreted languages like Perl and
Bash are widely used in Linux world to implement many tools. I don't buy
argumentation that if something is
On 09/10/2013 10:07 PM, Peter Oliver wrote:
Empathy's People Nearby feature doesn't work out of the box because
the required ports are blocked by default by the firewall
(https://bugzilla.redhat.com/show_bug.cgi?id=844308). It's a similar
story with Gnome's Media Sharing feature, and I'm sure
Hello,
iptables has been updated in Fedora rawhide. The version of libxtables
has been bumped to 10. Therefore all packages, that require libxtables
need to be rebuilt for the new lib. iproute has been rebuilt already.
There are also testing packages for F-18:
On 02/07/2013 05:23 PM, Aaron Gray wrote:
Can someone who knows firewalld please do a HOWTO to on setting up a
secondary DHCP with DNS and HTTPS access for PXEBOOTing of Fedora18
please to go with the PXEBOOT HOWTO :-
http://linux-sxs.org/internet_serving/pxeboot.html
Hope someone can help, I
On 02/01/2013 04:43 AM, Scott Schmit wrote:
On Wed, Jan 30, 2013 at 12:56:18PM +, Jaroslav Reznik wrote:
= Features/FirewalldRichLanguage =
https://fedoraproject.org/wiki/Features/FirewalldRichLanguage
Feature owner(s): Thomas Woerner twoer...@redhat.com
This feature adds a rich (high
On 11/12/2012 08:53 PM, Matthew Miller wrote:
On Sat, Nov 10, 2012 at 09:53:13PM +0100, Kevin Kofler wrote:
I really don't understand why a core system component such as firewalld is
implemented in Python!
Here, I mostly don't see the reason for it to be running all the time.
Couldn't it be
On 11/13/2012 03:46 PM, Matthew Miller wrote:
On Tue, Nov 13, 2012 at 02:28:17PM +0100, Tomasz Torcz wrote:
Here, I mostly don't see the reason for it to be running all the time.
Couldn't it be dbus activated, and then go away when it's not needed? Then,
it would matter less what it was written
On 11/13/2012 04:02 PM, Matthew Miller wrote:
On Fri, Nov 09, 2012 at 11:57:12AM -0500, Matthew Miller wrote:
- no way to run once and exit for cloud guests with *non-dynamic* firewall
needs, and it's a non-trivial user of system resources
You can use the old firewall environment for
On 11/13/2012 05:36 PM, Matthew Miller wrote:
On Tue, Nov 13, 2012 at 05:28:42PM +0100, Thomas Woerner wrote:
If you want to recreate rules, use reload. If you restart the
service with systemd, the servce gets stopped and started again, so
you will loose internal state. This is how services
On 11/13/2012 06:16 PM, Dennis Jacobfeuerborn wrote:
On 11/13/2012 05:28 PM, Thomas Woerner wrote:
On 11/13/2012 03:46 PM, Matthew Miller wrote:
On Tue, Nov 13, 2012 at 02:28:17PM +0100, Tomasz Torcz wrote:
Here, I mostly don't see the reason for it to be running all the time.
Couldn't
On 11/09/2012 07:45 PM, Reindl Harald wrote:
Am 09.11.2012 17:45, schrieb Thomas Woerner:
On 11/09/2012 05:24 PM, Eric H. Christensen wrote:
Please have a look at the feature list for F-18.
firewalld replaces system-config-firewall/lokkit, and the iptables and
ip6tables services
On 11/09/2012 05:21 AM, Matthew Miller wrote:
I'm making a crude fake EC2 environment on my test machine, and as part of
that, I need a web server listening on 169.254.169.254. I've bound this
address to lo:0. How do I use firewall-cmd to allow http through? It's
blocked by default.
I thought I
On 11/09/2012 03:33 PM, Matthew Miller wrote:
https://fedoraproject.org/wiki/Features/firewalld-default
We have an accepted feature for Firewalld to be the default in Fedora 18.
The old scripts are primitive and can't handle dynamic environments very
well, so having something new and modern is
On 11/09/2012 05:24 PM, Eric H. Christensen wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Nov 09, 2012 at 09:33:08AM -0500, Matthew Miller wrote:
https://fedoraproject.org/wiki/Features/firewalld-default
We have an accepted feature for Firewalld to be the default in Fedora 18.
On 11/08/2012 06:37 PM, Bill Nottingham wrote:
Matthew Miller (mat...@fedoraproject.org) said:
On Wed, Nov 07, 2012 at 07:56:30PM -0800, Adam Williamson wrote:
long story short, it's firewalld. Its deps are pretty heavy for
something that's supposed to be in minimal. I'm sure twoerner would
Hello,
On 10/25/2012 10:17 AM, Peter Lemenkov wrote:
Hello All!
Not so long after opening CDE they relicensed (Open)Motif under LGPL.
http://sourceforge.net/projects/motif/
Time to rewrite everything with Motif! :)
after more than one year of work with ICS and the Open Group it finally
got
On 04/17/2012 11:17 PM, Chris Murphy wrote:
On Apr 17, 2012, at 2:32 PM, Al Dunsmuir wrote:
On Tuesday, April 17, 2012, 4:15:53 PM, Chris Murphy wrote:
On Apr 17, 2012, at 1:49 PM, Andreas Tunek wrote:
I do not see anything in the f17 feature page describing any graphical
configuration tool.
On 04/13/2012 07:13 PM, Chris Murphy wrote:
On Mar 26, 2012, at 4:21 AM, Thomas Woerner wrote:
firewalld-config is not finished, yet. I am working on it.
This is still not in F17 beta RC4 which means it's not going to be in the beta
at all. I'm a little mystified why firewalld would ship
On 03/24/2012 10:09 PM, Chris Murphy wrote:
Fedora-17-Beta-x86_64-Live-Desktop.iso
http://fedoraproject.org/wiki/FirewallD suggests I should have firewall-config. The
configuration tool firewall-config is the main configuration tool for the firewall
daemon.
But I'm not finding
On 03/24/2012 10:09 PM, Chris Murphy wrote:
Fedora-17-Beta-x86_64-Live-Desktop.iso
http://fedoraproject.org/wiki/FirewallD suggests I should have firewall-config. The
configuration tool firewall-config is the main configuration tool for the firewall
daemon.
But I'm not finding
Hello,
today is firewalld test day.
https://fedoraproject.org/wiki/Test_Day:2012-03-19_firewalld
For testing please use a fully updated Fedora 17 installation (all
testing packages applied). For test cases and more information please
have a look at the test page.
If you need assistance or
On 03/02/2012 11:31 PM, Tore Anderson wrote:
* Tom Callaway
On 03/02/2012 04:39 PM, Tore Anderson wrote:
This one *most likely* works (it assumes /sbin/dhclient in Fedora will
*always* use a link-local source address when building a DHCPv6 request.
I believe that is the case, but I have not
On 03/10/2012 03:31 PM, Tore Anderson wrote:
Regarding this bug in particular, I'll just note that it there is
already a precedent. In a default Fedora installation, traffic to the
DHCPv4 client (which is the same binary as the DHCPv6 client) is allowed
from the entire internet. From a security
On 03/01/2012 04:52 PM, Paul Wouters wrote:
On Thu, 1 Mar 2012, Dan Williams wrote:
On Wed, 2012-02-29 at 17:20 +0100, Tore Anderson wrote:
* Jerry James
Interesting. I'm seeing kind of the inverse problem:
https://bugzilla.redhat.com/show_bug.cgi?id=771130. Could that be
related to the
On 02/16/2012 03:22 AM, Emanuel Rietveld wrote:
On 02/16/2012 02:06 AM, Jóhann B. Guðmundsson wrote:
On 02/15/2012 11:09 PM, Emanuel Rietveld wrote:
I propose the following script in /etc/init.d/iptables
I propose you file a BUG against IPTABLES and put your proposal into
that bug report
Here are two more in ReadyForWrangler state:
https://fedoraproject.org/wiki/Features/firewalld-default
https://fedoraproject.org/wiki/Features/network-zones
Thanks,
Thomas
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
zone code will be sent upstream
to initiate the integration process.
Thanks in advance,
Thomas Wörner
Jiri Popelka
--
Thomas Woerner
Software EngineerPhone: +49-711-96437-310
Red Hat GmbH Fax : +49-711-96437-111
Hauptstaetterstr. 58 Email: Thomas Woerner
Hello Jaroslav,
On 07/25/2011 05:04 PM, Jaroslav Reznik wrote:
On Monday, July 25, 2011 04:43:37 PM Thomas Woerner wrote:
Hello,
Hi Thomas!
the features firewalld-default and network-zones will be postponed for
Fedora-17. The features are not ready yet and also the integration into
other
On 12/24/2010 11:45 PM, Colin Walters wrote:
On Thu, Dec 23, 2010 at 11:03 AM, Thomas Woernertwoer...@redhat.com wrote:
- A simple tray applet (firewall-applet)
Actively deprecated; please consider other interfaces. In this case,
I think a control panel module is just fine.
Is there an
. This is required for
libvirt (and later on also NetworkManager). The D-BUS interface
documentation is work in progress and will be added later on.
Comments and additional information is highly welcome.
Thanks in advance,
Thomas
--
Thomas Woerner
Software EngineerPhone: +49-711-96437-310
On 10/06/2010 08:31 PM, Richard W.M. Jones wrote:
Seems quite complex. What's wrong with a directory:
/etc/iptables.d/
where RPMs like libvirt just drop the required additional rules (in a
separate chain if you like) and restart the iptables service? It's
low-tech but simple and it's
On 10/07/2010 02:20 AM, Genes MailLists wrote:
On 10/06/2010 11:26 AM, Thomas Woerner wrote:
6) Compatibility Mode
The current static firewall model will still be available for
compatibility for users or administrators creating their own firewall.
This deactivates the firewall service
I am currently working on a proof of concept implementation of a
firewall daemon, that will support dynamic firewall management with a
D-BUS interface.
This implementation should be usable in some days and will feature the
transition of the current firewall model to the dynamic version. It
On 07/07/2010 10:29 PM, Tom spot Callaway wrote:
[twoerner] system-config-firewall:
system-config-firewall-base-1.2.25-1.fc14.noarch
system-config-firewall and system-config-firewall-tui both require
system-config-firewall-base.
system-config-firewall-base provides the COPYING file. Therefore
On 05/04/2010 11:21 PM, Mike McGrath wrote:
Here's a list of f12 - f13 with unclean update paths based on srpm.
I'll work with FES to to go through and get some builds out. Some might
make it in to F13 final, some will go out as F13-updates.
greater for f12: rawtherapee
f12 =
71 matches
Mail list logo