{"id":13562374,"url":"https://github.com/firewalld/firewalld","last_synced_at":"2026-02-22T10:39:33.224Z","repository":{"id":28496357,"uuid":"32012681","full_name":"firewalld/firewalld","owner":"firewalld","description":"Stateful zone based firewall daemon with D-Bus interface","archived":false,"fork":false,"pushed_at":"2025-03-05T20:26:20.000Z","size":22596,"stargazers_count":908,"open_issues_count":261,"forks_count":284,"subscribers_count":38,"default_branch":"main","last_synced_at":"2025-03-05T21:46:47.950Z","etag":null,"topics":["firewall","ipset","iptables","linux","nftables"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/firewalld.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-11T10:51:38.000Z","updated_at":"2025-03-05T20:26:25.000Z","dependencies_parsed_at":"2023-02-16T21:01:00.893Z","dependency_job_id":"d52f0168-b367-4c6a-a325-2b01868b365e","html_url":"https://github.com/firewalld/firewalld","commit_stats":{"total_commits":3824,"total_committers":217,"mean_commits":"17.622119815668203","dds":0.6127092050209205,"last_synced_commit":"58c167bc7b6402e7e59d7fe9c53c5b394acca6f1"},"previous_names":[],"tags_count":137,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firewalld%2Ffirewalld","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firewalld%2Ffirewalld/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firewalld%2Ffirewalld/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/firewalld%2Ffirewalld/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/firewalld","download_url":"https://codeload.github.com/firewalld/firewalld/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247057034,"owners_count":20876500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","ipset","iptables","linux","nftables"],"created_at":"2024-08-01T13:01:07.990Z","updated_at":"2025-10-22T02:50:34.451Z","avatar_url":"https://github.com/firewalld.png","language":"Python","readme":"[![Build status](https://github.com/firewalld/firewalld/workflows/testsuite/badge.svg)](https://github.com/firewalld/firewalld/actions/workflows/testsuite.yml?query=event%3Apush+workflow%3Atestsuite)\n[![Integration status](https://github.com/firewalld/firewalld/workflows/integration%20testsuite/badge.svg)](https://github.com/firewalld/firewalld/actions?query=event%3Apush+workflow%3Aintegration-testsuite)\n[![Source status](https://github.com/firewalld/firewalld/workflows/source%20code%20and%20build%20checks/badge.svg)](https://github.com/firewalld/firewalld/actions?query=event%3Apush+workflow%3Asource-checks)\n\n\nFirewallD - A firewall daemon with D-Bus interface providing a dynamic firewall\n====================\n\nfirewalld provides a dynamically managed firewall with support for network or\nfirewall zones to define the trust level of network connections or interfaces.\nIt has support for IPv4, IPv6 firewall settings and for ethernet bridges and a\nseparation of runtime and permanent configuration options. It also provides an\ninterface for services or applications to add ip*tables and ebtables rules\ndirectly.\n\n\nDevelopment\n-----------\n\nTo check out the source repository, you can use:\n\n```sh\ngit clone https://github.com/firewalld/firewalld.git\n```\n\nThis will create a local copy of the repository.\n\nThe contributor code of conduct can be found in [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md)\n\nLanguage Translations\n---------------------\n\nFirewalld uses GNU gettext for localization support. Translations can be done\nusing [Fedora's Weblate instance][1]. Translations are periodically merged into\nthe main firewalld repository.\n\n[1]: https://translate.stg.fedoraproject.org/projects/firewalld/\n\nDependencies\n------------\n\nThese are the runtime dependencies:\n\n```\n linux \u003e= 5.3\n python \u003e= 3.8\n python3-dbus\n python3-gobject\n python3-nftables \u003e= 0.9.4\n```\n\n**Note**: python2 is _not_ supported.\n\nOptional Dependencies\n---------------------\n\nThese dependencies may enhance firewalld's functionality, but they are not\nrequired.\n\n```\n ebtables\n ipset\n iptables\n polkit\n python3-capng (libcap-ng-python3)\n```\n\nWorking With The Source Repository\n----------------------------------\n\nIn addition to the runtime dependencies some others are needed to build from\nsource:\n\n```\n desktop-file-utils: /usr/bin/desktop-file-install\n gettext\n intltool\n glib2: /usr/bin/glib-compile-schemas\n glib2-devel: /usr/share/aclocal/gsettings.m4\n systemd-units\n pytest\n```\n\nTo be able to create man pages and documentation from docbook files:\n\n```\n docbook-style-xsl\n libxslt\n```\n\nUse the usual autoconf/automake incantation to generate makefiles\n\n```sh\n./autogen.sh\n./configure\n```\n\nYou can use a specific python interpreter by passing the PYTHON variable. This\nis also used by the testsuite.\n\n```sh\n./configure PYTHON=/path/to/python3\n```\n\nUse\n\n```sh\nmake\n```\n\nto create the documentation and to update the po files.\n\nUse\n\n```sh\nmake check\n```\n\nto run the testsuite. Tests are run inside network namespaces and do not\ninterfere with the host's running firewalld. They can also be run in parallel\nby passing flags to autotest.\n\n```sh\nmake check TESTSUITEFLAGS=\"-j4\"\n```\n\nThe testsuite also uses keywords to allow running a subset of tests that\nexercise a specific area.\nFor example:\n\n```sh\nmake check TESTSUITEFLAGS=\"-k rich -j4\"\n```\n\nOutput:\n\n```sh\n 24: rich rules audit ok\n 25: rich rules priority ok\n 26: rich rules bad ok\n 53: rich rules audit ok\n 23: rich rules good ok\n 55: rich rules bad ok\n 74: remove forward-port after reload ok\n```\n\nYou can get a list of tests and keywords\n\n```sh\nmake -C src/tests check TESTSUITEFLAGS=\"-l\"\n```\n\nOr just the keywords\n\n```sh\nmake -C src/tests check TESTSUITEFLAGS=\"-l\" \\\n |awk '/^[[:space:]]*[[:digit:]]+/{getline; print $0}' \\\n |tr ' ' '\\n' |sort |uniq\n```\n\nThere are integration tests. Currently this includes NetworkManager. These may\nbe _destructive_ to the host. Run them in a disposable VM or container.\n\n```sh\nmake check-integration\n```\n\nThere is also a check-container target that will run the testsuite inside\nvarious podman/docker containers. This is useful for coverage of multiple\ndistributions. It also runs tests that may be destructive to the host such as\nintegration tests.\n\n```sh\nmake check-container TESTSUITEFLAGS=\"-j4\"\n```\n\nOCI Container Image\n-------------------\n\nAs part of the `dist` build target an OCI container image is generated. This is\ndistributed alongside the normal release tarball. It can be used to run\nfirewalld from a container. The containerized firewalld will _not_ integrate\nwith the host (e.g. podman, libvirt, NetworkManager).\n\nTo manually load the container image into your environment:\n\n```sh\npodman load -i .../path/to/firewalld-oci-\u003cver\u003e.tar\n```\n\nTo fetch the image from quay.io:\n\n```sh\npodman pull quay.io/firewalld/firewalld:\u003cver\u003e\n```\n\nwhere `\u003cver\u003e` is optional, the latest version will be used if omitted.\n\nTo start the daemon/container:\n\n```sh\npodman run -d --network host --privileged \\\n --name my-firewalld firewalld\n```\n\nFirewalld's configuration will live inside the container. Therefore\nusers may want to occasionally `podman commit` the image.\n\nUsing firewalld's CLI should be done via podman exec after the\ndaemon/container has been started:\n\n```sh\npodman exec my-firewalld firewall-cmd ...\n```\n\n### Container Integration with Host\n\nThe same container image can be used to integrate with the host's running\nNetworkManager, podman, libvirt, etc. This requires the host to have a dbus\npolicy for firewalld.\n\nA dbus policy can be obtained from the firewalld source code tree at location\n`config/FirewallD.conf`.\n\n```sh\ncp config/FirewallD.conf /usr/share/dbus-1/system.d/FirewallD.conf\n```\n\nOnce the dbus policy is in place the container could be started as such:\n\n```sh\npodman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \\\n --network host --privileged \\\n --name my-firewalld firewalld \\\n firewalld --nofork --nopid\n```\n\nThe only addition are: volume mount, explicit CMD.\n\nThe some approach can be use to store firewalld's configuration files on the\nhost.\n\n```sh\npodman run -d -v /run/dbus/system_bus_socket:/run/dbus/system_bus_socket \\\n -v /etc/firewalld:/etc/firewalld \\\n --network host --privileged \\\n --name my-firewalld firewalld \\\n firewalld --nofork --nopid\n```\n\nRPM package\n-----------\n\nFor Fedora and RHEL based distributions, there is a spec file in the source\nrepo named firewalld.spec. This should be usable for Fedora versions \u003e= 16 and\nRHEL \u003e= 7.\n\n\nLinks\n-----\n\nHomepage: http://firewalld.org\n\nReport a bug: https://github.com/firewalld/firewalld/issues\n\nGit repo browser: https://github.com/firewalld/firewalld\n\nGit repo: https://github.com/firewalld/firewalld.git\n\nDocumentation: http://firewalld.org/documentation/\n\n\nMailing lists\n-------------\n\nFor usage: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/\n\nFor development: https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/\n\n\nDirectory Structure\n-------------------\n\n| Directory | Content |\n| ----------------- | ----------------------------------------------------- |\n| config/ | Configuration files |\n| config/icmptypes/ | Predefined ICMP types |\n| config/services/ | Predefined services |\n| config/xmlschema/ | XML Schema checks for config files |\n| config/zones/ | Predefined zones |\n| config/ipsets/ | Predefined ipsets |\n| doc/ | Documentation |\n| doc/man/ | Base directory for man pages |\n| doc/man/man1/ | Man(1) pages |\n| doc/man/man5/ | Man(5) pages |\n| po/ | Translations |\n| shell-completion/ | Base directory for auto completion scripts |\n| src/ | Source tree |\n| src/firewall/ | Import tree for the service and all applications |\n| src/icons/ | Icons in the sizes: 16, 22, 24, 32, 48 and scalable |\n| src/tests/ | Testsuite |\n","funding_links":[],"categories":["Applications","Python","Core Components"],"sub_categories":["Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirewalld%2Ffirewalld","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffirewalld%2Ffirewalld","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffirewalld%2Ffirewalld/lists"}