Bor should integrate with firewalld to manage firewall rules on systems where it is the active firewall manager. This allows Bor to apply and enforce its policies through the system's native firewall stack rather than requiring admins to configure it out-of-band.
Scope covers detecting firewalld at runtime, managing rules via the firewalld D-Bus API (preferred over shelling out to firewall-cmd), and ensuring rules persist across firewalld reloads by using permanent configuration where appropriate. Rules added by Bor should be clearly identifiable, ideally grouped under a dedicated zone or using a consistent naming convention.
When firewalld is not present or not running on a managed system, the agent should report the firewall policy as not applicable for that system. This status should be surfaced in the compliance reports so admins can distinguish unsupported environments from actual policy violations.
Bor should integrate with firewalld to manage firewall rules on systems where it is the active firewall manager. This allows Bor to apply and enforce its policies through the system's native firewall stack rather than requiring admins to configure it out-of-band.
Scope covers detecting firewalld at runtime, managing rules via the
firewalldD-Bus API (preferred over shelling out tofirewall-cmd), and ensuring rules persist across firewalld reloads by using permanent configuration where appropriate. Rules added by Bor should be clearly identifiable, ideally grouped under a dedicated zone or using a consistent naming convention.When
firewalldis not present or not running on a managed system, the agent should report the firewall policy as not applicable for that system. This status should be surfaced in the compliance reports so admins can distinguish unsupported environments from actual policy violations.