Imobach González Sosa edited this page Sep 3, 2018 · 14 revisions

New UI Proposal

Firewalld replaced SuSEFirewall2 as the default firewall solution in openSUSE Leap 15.0 and SLE 15. Although YaST supports Firewalld under the hood, there is currently no GUI to configure it (the upstream firewall-config tool is used instead), so we are in the process of defining a new one.

This document is meant to serve as a starting point for discussing the new UI.

The Old UI

Let's start by showing some screenshots of the old UI so we can compare it with the new one.

Proposal

General Organization

In firewalld, zones are a core concept. By default, there is a set of predefined zones (public, dmz, trusted, etc.) but, unlike SuSEFirewall2, firewalld allows defining custom ones. Most of the configuration (open services, ports, custom rules, etc.) is defined on a per-zone basis. And, as in SuSEFirewall2, each network interface can be associated with a zone.

Additionally, there are other generic configuration items, like IP sets, that are not bound to a specific zone.

With these concepts in mind, we are proposing a user interface similar to the one below:

The idea is to leverage the concept of zones, making clear which parts of the configuration are associated with them and which parts are general.

  • Interfaces: List of interfaces allowing the user to bind them to a given zone. We might consider removing this list and allowing the user to associate interfaces and zones in the next item (1 zone can contain many interfaces).
  • Zones: List of zones allowing the user to add/remove them. Under this item the user can find one menu entry per zone (we could limit them to show only 'active' zones). See the next item.
  • Zone Configuration: It will offer all configuration items for a given zone organized in a set of tabs. Please ignore the tab contents, as they are not defined yet.
  • Logging Level: It will allow the user to set the logging level (analogous to the old one).

In the future, we could add other menu entries for items that are not defined within a single zone, like IP sets or Services (they can be defined and later associated with zones).

Allowed Services

The user can specify a set of services to be allowed in a given zone using the Services tab. There is a fairly long list of known services and the user can select any number of them. We are proposing four different interfaces (but we are still open to new ideas).

A multi select list:

Two lists, side by side:

/images/allowed-services.png

If we want to add service descriptions, we might consider putting the lists one on top of the other.

/images/allowed-services-top-down.png

Or just the old interface style:
