Imobach González Sosa edited this page Aug 30, 2018 · 14 revisions

New UI Proposal

Firewalld replaced SuSEFirewall2 as the default firewall solution in openSUSE Leap 15.0 and SLE 15. Although YaST supports Firewalld under the hood, there is currently no GUI to configure it (the upstream firewall-config tool is used instead), so we are in the process of defining a new one.

The idea behind this document is to serve as a starting point for discussing the new UI.

The Old UI

Let's start by showing some screenshots of the old UI so we can compare it with the new one.

[Screenshot: images/old-ui-broadcast.png]

Proposal

General Organization

In firewalld, zones are a core concept. By default, there is a set of predefined zones (public, dmz, trusted, etc.) but, unlike SuSEFirewall2, custom zones can be defined as well. Most of the configuration (open services, ports, custom rules, etc.) is defined on a per-zone basis. And, like SuSEFirewall2, each network interface can be associated with a zone.

Additionally, there are other generic configuration items, like IP sets, that are not bound to a specific zone.

With these concepts in mind, we are proposing a user interface similar to the one below:

  • Interfaces: List of interfaces allowing the user to bind them to a given zone. We might consider removing this list and allowing the user to associate interfaces and zones in the next item (1 zone can contain many interfaces).
  • Zones: List of zones allowing the user to add/remove them. Under this item the user can find one menu entry per zone (we could limit them to show only 'active' zones). See the next item.
  • Zone Configuration: It will offer all configuration items for a given zone, organized in a set of tabs. Please do not pay attention to the tabs' content, as it is not defined at all yet.
  • Logging Level: It will allow the user to set the logging level (analogous to the old one).

In the future, we could add other menu entries for items that are not defined within a single zone, like IP sets or Services (they can be defined first and associated with zones later).
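To make the zone/interface model behind the Interfaces and Zones items concrete, the following added example (not part of the original proposal or of YaST's code) parses text in the layout printed by firewalld's `firewall-cmd --list-all-zones` and derives the interface-to-zone view, including which zones are active. The sample text is constructed, and the function names are hypothetical.

```python
# Constructed sample in the layout of `firewall-cmd --list-all-zones` (trimmed).
SAMPLE = """\
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp

dmz
  target: default
  interfaces:
  services: ssh

trusted (active)
  target: ACCEPT
  interfaces: eth1 wlan0
  services:
"""
LIST_KEYS = {"interfaces", "sources", "services", "ports"}

def parse_zones(text):
    """Return {zone: {"active": bool, "target": str, "interfaces": [...], ...}}."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a new zone
            name, _, flags = line.partition(" ")
            current = zones[name] = {"active": "active" in flags}
        elif current is not None:
            key, _, value = line.strip().partition(":")
            current[key] = value.split() if key in LIST_KEYS else value.strip()
    return zones

def interface_map(zones):
    """Invert to interface -> zone; an interface belongs to one zone only."""
    owner = {}
    for name, cfg in zones.items():
        for iface in cfg.get("interfaces", []):
            if iface in owner:
                raise ValueError(f"{iface} is in both {owner[iface]} and {name}")
            owner[iface] = name
    return owner

def exposure(zones):
    """Per interface, what its zone lets in; target ACCEPT lets in everything."""
    return {iface: ["ALL"] if zones[z].get("target") == "ACCEPT"
            else sorted(zones[z].get("services", []) + zones[z].get("ports", []))
            for iface, z in interface_map(zones).items()}
```

The `exposure` view shows why the interface-to-zone binding is the security-relevant choice in the UI: moving an interface into a zone whose target is ACCEPT opens it to all traffic regardless of the services listed.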
