author | Beniamino Galvani <bgalvani@redhat.com> | 2020-05-08 09:12:33 +0200 |
---|---|---|
committer | Beniamino Galvani <bgalvani@redhat.com> | 2020-05-15 19:06:24 +0200 |
commit | 3e2b723532a0fa390b533eccb72084adf3911c9c (patch) | |
tree | 0709a2959c9f4f6d2b00065ff89405a691ad6d2c /NEWS | |
parent | c8b5bf402d20077a73c15d55fc90c26e97119711 (diff) | |
download | NetworkManager-3e2b723532a0fa390b533eccb72084adf3911c9c.tar.gz |
device: use the nm-shared firewalld zone in shared mode

When the interface is in IPv4 or IPv6 shared mode and the user didn't
specify an explicit zone, use the nm-shared one.

Note that masquerade is still done through iptables direct calls
because at the moment it is not possible for a firewalld zone to do
masquerade based on the input interface.

The firewalld zone is needed on systems where firewalld is using the
nftables backend and the 'iptables' binary uses the iptables API
(instead of the nftables one). On such systems, even if the traffic is
allowed in iptables by our direct rules, it can still be dropped in
nftables by firewalld.

Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -8,6 +8,14 @@ The API is subject to change and not guaranteed to be compatible with the later release. USE AT YOUR OWN RISK. NOT RECOMMENDED FOR PRODUCTION USE! +* Add a new build option 'firewalld-zone'; when enabled, + NetworkManager installs a firewalld zone for connection sharing and + puts interfaces using IPv4 or IPv6 shared mode in this zone during + activation. The option is enabled by default. + Note that NetworkManager still calls to iptables to enable + masquerading and open needed ports for DHCP and DNS. The new option + is useful on systems using firewalld with the nftables backend, + where the iptables rules would not be sufficient. * Add MUD URL property for connection profiles (RFC 8520) and set it for DHCP and DHCPv6 requests. * IPv6 SLAAC: improved the reaction of IPv6 SLAAC to renumbering events: |
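
Review bot: the first sentence of the new NEWS entry leaves out two details that the commit message states: the zone's name and the condition under which it is applied. The commit message says the zone is nm-shared and that it is used only when "the user didn't specify an explicit zone", while the entry reads as if every interface in IPv4 or IPv6 shared mode is always moved into "this zone". Anyone auditing firewalld policy after an upgrade needs both facts to know which zone to inspect and whether an explicitly configured zone is overridden, so consider naming nm-shared in the entry and adding "unless the connection profile sets an explicit zone". Wording nit in the same entry: "still calls to iptables" should be "still calls iptables".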