LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora introduces Network Zones

Fedora introduces Network Zones

Posted Mar 1, 2012 3:38 UTC (Thu) by smoogen (subscriber, #97)
In reply to: Fedora introduces Network Zones by smoogen
Parent article: Fedora introduces Network Zones

I missed the PolicyKit items when first reading the article. A bit more explanation might help me understand it better though.

(Log in to post comments)

Fedora introduces Network Zones

Posted Mar 1, 2012 12:40 UTC (Thu) by Ben_P (subscriber, #74247) [Link]

It sounded like PolicyKit is used to ensure that only these Network Zones tools can modify the firewall. So you'd have to auth with policykit before you could modify any IpTables state, that's how I read it anyway. So the Zones application would defacto auth with policykit so when it decides to change the firewall, it can.

Also, will it be possible to associate zones with actual IpTables rule sets? I'm very comfortable with the existing iptables command line interface and the format in the linked zone files ( http://git.fedorahosted.org/git/?p=firewalld.git;a=tree;f... ) at least at first reading doesn't seem nearly as verbose. Maybe someone has a link to the file spec for these zone xml files?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds