FirewallD allows all ports
by Chintan Mishra from Rebhu
All ingress and egress traffic is allowed to an AWS EC2 instance using Security Groups.
The goal is to manage traffic and ports using FirewallD.
I have only allowed certain ports in FirewallD, but I can access
services that belong outside the open ports.
Here is the output of publicly accessible services:
$ nmap -Pn <my-ip>
Host discovery disabled (-Pn). All addresses will be marked 'up' and
scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-10-16 17:58 UTC
Nmap scan report for ec2-<my-ip>.*.compute.amazonaws.com (<my-ip>)
Host is up (0.57s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
22/tcp open ssh
5432/tcp open postgresql
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8083/tcp open us-srv
9090/tcp open zeus-admin
50000/tcp open ibm-db2
And here is the output for services and ports opened with FirewallD:
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
What is missing in this setup to prevent access to port 8083 from the public internet to the EC2 instance?
Thank you.
--
Chintan Mishra
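An added example (not part of the post above): the useful check here is to diff what an external scan actually sees against what the active firewalld zone is supposed to permit, so that ports reachable without a matching allow rule stand out. The script below embeds the two outputs quoted in the post as its sample input, parses the nmap "open" lines and the zone's "services:" and "ports:" lines, and reports ports that are observed open but not allowed by the zone, plus allowed TCP ports that the scan did not see. The service-to-port table is a hard-coded subset covering only the three services in the post (ssh is 22/tcp, cockpit is 9090/tcp, dhcpv6-client is 546/udp); on a real host you would fill it from `firewall-cmd --info-service=<name>`, which prints a `ports:` line per service.

```python
import re

# Sample input: the nmap output quoted in the post, with the address placeholder kept.
NMAP_OUTPUT = """\
Starting Nmap 7.91 ( https://nmap.org ) at 2022-10-16 17:58 UTC
Nmap scan report for ec2-<my-ip>.*.compute.amazonaws.com (<my-ip>)
Host is up (0.57s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
22/tcp open ssh
5432/tcp open postgresql
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8083/tcp open us-srv
9090/tcp open zeus-admin
50000/tcp open ibm-db2
"""

# Sample input: the `firewall-cmd --list-all` output quoted in the post.
FIREWALLD_OUTPUT = """\
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
"""

# Hard-coded subset of firewalld's built-in service definitions, limited to the
# services named in the post. Real use: populate from `firewall-cmd --info-service=NAME`.
KNOWN_SERVICE_PORTS = {
    "ssh": {"22/tcp"},
    "cockpit": {"9090/tcp"},
    "dhcpv6-client": {"546/udp"},
}

OPEN_LINE = re.compile(r"^\s*(\d+/(?:tcp|udp))\s+open\b")


def parse_nmap_open_ports(text):
    """Return the set of 'port/proto' strings nmap reported as open."""
    ports = set()
    for line in text.splitlines():
        m = OPEN_LINE.match(line)
        if m:
            ports.add(m.group(1))
    return ports


def parse_firewalld_allowed(text, service_ports=KNOWN_SERVICE_PORTS):
    """Return every 'port/proto' the zone allows, expanding service names to ports."""
    allowed = set()
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue  # zone header line such as "public (active)"
        values = value.split()
        if key.strip() == "ports":
            allowed.update(values)
        elif key.strip() == "services":
            for svc in values:
                if svc not in service_ports:
                    raise KeyError(f"no port mapping for firewalld service {svc!r}")
                allowed.update(service_ports[svc])
    return allowed


def audit(nmap_text, firewalld_text):
    """Compare scan results with the zone: (open but not allowed, allowed TCP but not seen)."""
    observed = parse_nmap_open_ports(nmap_text)
    allowed = parse_firewalld_allowed(firewalld_text)
    unexpected = observed - allowed
    # A TCP scan cannot confirm UDP allows, so only TCP allows are checked for absence.
    unobserved = {p for p in allowed if p.endswith("/tcp")} - observed
    return unexpected, unobserved


if __name__ == "__main__":
    unexpected, unobserved = audit(NMAP_OUTPUT, FIREWALLD_OUTPUT)
    print("open but not allowed by the zone:", sorted(unexpected))
    print("allowed by the zone but not observed open:", sorted(unobserved))
```

For the outputs in the post this flags 5432/tcp and 8083/tcp as reachable without any allow in the `public` zone (9090/tcp is accounted for by the `cockpit` service and 22/tcp by `ssh`), and 9980/tcp as allowed but not listening. Any port in the first set is being accepted by something other than the listed zone rules, so the next thing to compare on the host is the full backend ruleset (the nftables or iptables rules as loaded) against what firewalld believes it has configured.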