Hello All,
I've just installed Fedora 24 and wanted to enable the firewall on my laptop, for personal use. While trying to discover the features/options available in FirewallD, I changed the default zone "FedoraWorkstation" to the "Drop" zone using the GUI, as I wanted to block/drop all incoming traffic while allowing outgoing connections and maintaining their states. I do not know much about iptables. Could you please take a look at the output of "iptables -L" and let me know if the "Drop" zone policy is applied properly and that it meets my requirement? A short description of what you think would be just enough.
Thank you and I appreciate your help.
Here is the output of "iptables -L":

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_drop  all  --  anywhere             anywhere
FWDI_drop  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_drop  all  --  anywhere             anywhere
FWDO_drop  all  --  anywhere             anywhere

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_drop (2 references)
target     prot opt source               destination
FWDI_drop_log  all  --  anywhere             anywhere
FWDI_drop_deny  all  --  anywhere             anywhere
FWDI_drop_allow  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FWDI_drop_allow (1 references)
target     prot opt source               destination

Chain FWDI_drop_deny (1 references)
target     prot opt source               destination

Chain FWDI_drop_log (1 references)
target     prot opt source               destination

Chain FWDO_drop (2 references)
target     prot opt source               destination
FWDO_drop_log  all  --  anywhere             anywhere
FWDO_drop_deny  all  --  anywhere             anywhere
FWDO_drop_allow  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FWDO_drop_allow (1 references)
target     prot opt source               destination

Chain FWDO_drop_deny (1 references)
target     prot opt source               destination

Chain FWDO_drop_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_drop    all  --  anywhere             anywhere
IN_drop    all  --  anywhere             anywhere

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_drop (2 references)
target     prot opt source               destination
IN_drop_log  all  --  anywhere             anywhere
IN_drop_deny  all  --  anywhere             anywhere
IN_drop_allow  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain IN_drop_allow (1 references)
target     prot opt source               destination

Chain IN_drop_deny (1 references)
target     prot opt source               destination

Chain IN_drop_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Regards, Nitink
firewalld-users@lists.fedorahosted.org
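
Added example, not part of the original post: `iptables -L` without `-v` does not print interface matches, so a listing like the one above cannot show which interface each rule is bound to. The Python code below traces a packet through the INPUT path using rules in `iptables -S` form. The rule set is constructed to mirror the chain names in the post; the interface names `lo` and `wlp3s0` and the helper names `parse`, `matches` and `verdict` are assumptions.

```python
# Constructed rules in `iptables -S` form, mirroring the chain names in the post.
# The interface names lo and wlp3s0 are assumptions; plain `iptables -L` hides them.
RULES = """\
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i wlp3s0 -j IN_drop
-A INPUT_ZONES -j IN_drop
-A IN_drop -j IN_drop_log
-A IN_drop -j IN_drop_deny
-A IN_drop -j IN_drop_allow
-A IN_drop -j DROP
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Map chain name -> list of {option: value} dicts, in rule order."""
    chains = {}
    for tok in map(str.split, text.splitlines()):
        if tok[:1] == ["-A"]:  # every option used above takes exactly one value
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(opts, pkt):
    """True when the rule's -i, -p and --ctstate matches (if present) all hold."""
    return (opts.get("-i", pkt["iface"]) == pkt["iface"]
            and opts.get("-p", pkt["proto"]) == pkt["proto"]
            and pkt["ctstate"] in opts.get("--ctstate", pkt["ctstate"]).split(","))

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """Return (verdict, chain that decided it) for one packet."""
    def walk(name):
        for opts in chains.get(name, []):  # empty or unlisted chain falls through
            if not matches(opts, pkt):
                continue
            if opts["-j"] in TERMINAL:
                return opts["-j"], name
            hit = walk(opts["-j"])  # jump; None means the chain returned
            if hit:
                return hit
        return None
    return walk(chain) or (policy, chain)

CHAINS = parse(RULES)
```

With these constructed rules, `verdict(CHAINS, {"iface": "wlp3s0", "proto": "tcp", "ctstate": "NEW"})` ends in the final `DROP` of `IN_drop`, while the same packet with `ctstate` set to `ESTABLISHED` is accepted by the first INPUT rule. A new ICMP packet on `wlp3s0` is also dropped, because the jump to `INPUT_ZONES` comes before the ICMP accept rule.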