Systemd Gains IP Forwarding, IP Masquerading & Basic Firewall Controls
The systemd project is off to a quick start in 2015, having already seen over 200 commits (granted, in 2014 systemd development skyrocketed with nearly 5,000 commits). With the newest work that's landed, systemd's networkd component has been improved with new features.
Among the additions to systemd this week is IP forwarding and masquerading support. Systemd's .network files now have IPForward and IPMasquerade options. This is the minimal support needed, and these settings are turned on by default for container network interfaces. The IP forwarding option controls the forwarding sysctl setting of the network interface, while the masquerading option controls a firewall rule that makes traffic coming from that interface appear to all other interfaces as coming from the local host.
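An added example, not code from the systemd project or the original article: a small audit that reads .network file contents and reports which ones turn on forwarding or masquerading. It assumes the options sit in the [Network] section, accept systemd's usual boolean spellings (plus ipv4/ipv6 for IPForward), and that IPMasquerade implies IPv4 forwarding, as described in the systemd.network documentation; the file names and contents are constructed.

```python
import configparser

TRUE = {"1", "yes", "true", "on"}  # systemd boolean "enabled" spellings

def effective_forwarding(text):
    """Parse one .network file and return what it enables."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key case; systemd keys are case-sensitive
    cp.read_string(text)
    net = cp["Network"] if cp.has_section("Network") else {}
    fwd = net.get("IPForward", "no").strip().lower()
    masq = net.get("IPMasquerade", "no").strip().lower() in TRUE
    return {
        # Assumption: IPMasquerade implies IPv4 forwarding.
        "ipv4": fwd in TRUE or fwd == "ipv4" or masq,
        "ipv6": fwd in TRUE or fwd == "ipv6",
        "masquerade": masq,
    }

def audit(units):
    """units maps file name -> file text; return names that forward or NAT."""
    return sorted(n for n, t in units.items()
                  if any(effective_forwarding(t).values()))

# Constructed sample files (names and contents are illustrative).
SAMPLE = {
    "20-wired.network": "[Match]\nName=enp1s0\n\n[Network]\nDHCP=yes\n",
    "30-nat.network": "[Match]\nName=br0\n\n[Network]\nIPMasquerade=true\n",
    "40-v6.network": "[Match]\nName=tun0\n\n[Network]\nIPForward=ipv6\n",
    "80-container.network":
        "[Match]\nName=ve-*\n\n[Network]\n# set for containers\n"
        "IPForward=yes\nIPMasquerade=yes\n",
}

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print(name, effective_forwarding(SAMPLE[name]))
```

Feeding it the real files under the networkd configuration directories gives a quick list of interfaces that route or NAT traffic, which is worth reviewing on hosts that run containers.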
Also added on Tuesday were minimal firewall manipulation helpers for systemd's networkd. The firewall manipulation helpers are used for establishing NAT rules. This support in systemd is provided by libiptc, the library used for communicating with the Linux kernel's Netfilter and changing iptables firewall rule-sets.
In general, systemd has seen a lot of network-related activity recently. Those wishing to follow systemd development on a daily basis can keep tabs via the systemd Git viewer. These latest changes will be found in systemd 219, which will probably be released soon.