After reading more on the topic, it appears that this is a feature of running podman and FirewallD together.
`podman` instructs FirewallD to allow the ports whenever `podman run` command specifies a port binding with the host.
Thank you.
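The reconciliation implied above, as an added example that is not part of the original thread: a POSIX shell script that compares the ports nmap reports open against the ports and services the firewalld public zone lists, so the ports podman opened (which `firewall-cmd --list-all` does not show) stand out. The sample inputs are the outputs quoted in the question below, and the ssh and cockpit service-to-port mapping is hard-coded as an assumption rather than read from firewalld's service definitions.

```shell
#!/bin/sh
# Constructed samples: the nmap and firewall-cmd output quoted in the question.
NMAP_OUT='PORT STATE SERVICE
22/tcp open ssh
5432/tcp open postgresql
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8083/tcp open us-srv
9090/tcp open zeus-admin
50000/tcp open ibm-db2'

FW_OUT='public (active)
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp'

# Ports the zone allows: the explicit "ports:" entries plus the named services.
# Assumption: only ssh (22/tcp) and cockpit (9090/tcp) are mapped here.
fw_allowed_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "ports:"    { for (i = 2; i <= NF; i++) print $i }
        $1 == "services:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "ssh") print "22/tcp"
                else if ($i == "cockpit") print "9090/tcp"
            }
        }'
}

# Ports nmap reported as open (skips the header line).
nmap_open_ports() {
    printf '%s\n' "$1" | awk '$2 == "open" { print $1 }'
}

# Print every externally open port the zone listing does not account for.
# These are the ones to cross-check against "podman ps" published ports.
unaccounted_ports() {
    allowed=" $(fw_allowed_ports "$2" | tr '\n' ' ') "
    nmap_open_ports "$1" | while read -r p; do
        case "$allowed" in
            *" $p "*) ;;              # covered by the zone
            *) printf '%s\n' "$p" ;;  # open, but not from this zone
        esac
    done
}

unaccounted_ports "$NMAP_OUT" "$FW_OUT"
```

Run against the sample data it prints 5432/tcp and 8083/tcp, the two ports the zone does not explain.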
All ingress and egress traffic is allowed to the AWS EC2 instance using Security Groups.
The goal is to manage traffic and ports using FirewallD.
I have only allowed certain ports in FirewallD, but I can access services that belong outside the open ports.
Here is the output of publicly accessible services:
$ nmap -Pn <my-ip>
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2022-10-16 17:58 UTC
Nmap scan report for ec2-<my-ip>.*.compute.amazonaws.com (<my-ip>)
Host is up (0.57s latency).
Not shown: 992 filtered ports
PORT STATE SERVICE
22/tcp open ssh
5432/tcp open postgresql
8080/tcp open http-proxy
8081/tcp open blackice-icecap
8082/tcp open blackice-alerts
8083/tcp open us-srv
9090/tcp open zeus-admin
50000/tcp open ibm-db2

And, here is the output for services and ports opened with FirewallD:
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client ssh
ports: 8080/tcp 8081/tcp 50000/tcp 8082/tcp 9980/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

What is missing in this setup to prevent access to port 8083 from the public internet to the EC2 instance?
Thank you.
--
Chintan Mishra
_______________________________________________
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org