Firewalld 2.0 Released With Faster Forwarding Performance Via NFTables Flowtable

Written by Michael Larabel in Free Software on 23 June 2023 at 02:26 PM EDT. 15 Comments
FREE SOFTWARE
The Firewalld open-source firewall daemon has been in development since 2011 while only two years ago did it reach the Firewalld 1.0 milestone. Thus it was a bit surprising to find Firewalld 2.0 being released today.

The Firewalld 2.0 release is motivated by a change to disallow zone drifting. The fix is around addressing an issue where firewall policies could end up violating the rule of "packets ingress one and only one zone." The change is explained in this commit.

Firewalld 2.0 also adds support for NFTables flowtable, which is a software fast-path that can significantly improve forwarding performance. Firewalld with NftablesFlowtable enabled has increased iperf performance with network forwarding by around 59%. More details on this feature via the Firewalld.org blog. Firewalld 2.0 also adds a new zone priorities feature.

Firewalld 2.0 also does away with the TFTP client service. Firewalld's TFTP client service was for accessing Trivial File Transfer Protocol servers but it turned out to not actually work in practice. The service "never actually worked" when being added to a zone. Instead TFTP users are recommended to setup a policy instead such as:
# firewall-cmd --permanent --new-policy hostTftpTraffic
# firewall-cmd --permanent --policy hostTftpTraffic --add-ingress-zone HOST
# firewall-cmd --permanent --policy hostTftpTraffic --add-egress-zone ANY
# firewall-cmd --permanent --policy hostTftpTraffic --add-service tftp

Firewalld 2.0 also adds support for service files to handle firewall configurations for many games ranging from Anno 1800 to 0 A.D. to Minecraft, Stellaris, SuperTuxKart, and many others. There are also service files added for the Zabbix Java Gateway, Zabbix Web Service, OpenTelemetry, and others.


Downloads and more details on Firewalld 2.0 via GitHub.
15 Comments
Related News
Nano 8.0 Text Editor Released With Modern Bindings Option
Git 2.45 Released With Initial SHA1/SHA256 Interoperability & Reftable Support
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Servo Web Engine Now Passing Acid2 Layout Engine Test
Sovereign Tech Fund Makes New Investments Into GNOME & PHP, Bug Bounty For systemd
Llamafile 0.8 Releases With LLaMA3 & Grok Support, Faster F16 Performance
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Open-Sources MS-DOS 4.0 Under MIT License
Systemd 256-rc1 Brings A Huge Number Of New Features
NVIDIA Developer Opens Feature Pull Request For Open-Source NVK Driver
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Based Coreutils 0.0.26 Increases Compatibility With GNU Coreutils
Ubuntu 24.04 LTS Downloads Now Available