On my server firewalld is active as below:
    # systemctl status firewalld
    firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
       Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h ago
     Main PID: 16793 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

    Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic firewall daemon...
    Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall daemon.

    # firewall-cmd --list-all
    public (default, active)
      interfaces: eth0
      sources:
      services: dhcpv6-client ssh
      ports:
      masquerade: no
      forward-ports:
      icmp-blocks:
      rich rules:

But still traffic from all other services like http, mysql are coming in. It is not getting blocked. It is looking like firewalld has no effect at all.

Server detail:
==========
CentOS 7
kernel: 3.10.0-229.4.2.el7.x86_64
firewalld-0.3.9-14.el7.noarch
Kindly advise.
On Fri, 2015-12-18 at 17:06 +0000, mail.mthakkar@gmail.com wrote:
> But still traffic from all other services like http, mysql are coming in. It is not getting blocked. It is looking like firewalld has no effect at all.
That's weird. What output do you get from `iptables -L -n`? Since firewalld modifies iptables, do you have a bunch of rules etc.?
Hello,
please attach the output of
1) iptables-save
2) ip6tables-save
3) firewall-cmd --list-all-zones
Do you have trusted sources or interfaces? From where are you connecting to the services that are still accessible? Are you using IPv4 and/or IPv6?
Regards, Thomas
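One way to triage the `iptables-save` output requested above, as an added example that is not part of the original thread or of firewalld itself. It assumes the chain layout firewalld's iptables backend generates (a jump from the filter table's INPUT chain to `INPUT_ZONES`, followed by a final REJECT); the function name, finding labels and sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage an `iptables-save` dump for the symptom in this thread.
# On a real host (as root): iptables-save | audit_input_chain

# Constructed sample, not output from the poster's server: firewalld's chains
# are present, but a stray first rule accepts everything before they are reached.
sample_dump() {
cat <<'EOF'
*mangle
:INPUT ACCEPT [0:0]
-A INPUT -j INPUT_ZONES
COMMIT
*filter
:INPUT ACCEPT [0:0]
:INPUT_ZONES - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
-A INPUT -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_ZONES
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_public
-A IN_public -j IN_public_allow
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin; prints one finding per line, or OK.
audit_input_chain() {
    awk '
        /^\*/ { table = $1 }                      # track the current table
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            n++                                    # rule position in filter/INPUT
            if ($3 != "-j") next                   # only unconditional rules matter here
            if ($4 == "INPUT_ZONES" && !zones) zones = n
            if ($4 == "ACCEPT" && NF == 4 && !accept) accept = n
            if (($4 == "REJECT" || $4 == "DROP") && !reject) reject = n
        }
        END {
            if (!zones)  { print "NO_ZONES_JUMP"; bad = 1 }    # zone chains not hooked in
            if (!reject) { print "NO_FINAL_REJECT"; bad = 1 }  # nothing blocks unmatched traffic
            if (accept && (!reject || accept < reject)) {
                print "ACCEPT_ALL_AT_RULE " accept; bad = 1      # everything accepted first
            }
            if (!bad) print "OK"
        }'
}

sample_dump | audit_input_chain
```

The same check applies to `ip6tables-save` output, since IPv6 traffic is filtered by a separate ruleset.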
Your OP shows that firewalld is disabled. See https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/ for a nice explanation. Try enabling it.
Kind regards, Dave
--
Maple Park Development
Linux Systems Integration
1224 DuBois St. Louis MO 63122-5518 USA
Tel: 01-314-941-2496
Fax: 01-866-542-7647
http://www.maplepark.com/
mapleparkdevelopment@gmail.com
On Tue, Dec 29, 2015 at 6:40 AM, Thomas Woerner twoerner@redhat.com wrote:
> Hello,
> please attach the output of
> - iptables-save
> - ip6tables-save
> - firewall-cmd --list-all-zones
>
> Do you have trusted sources or interfaces? From where are you connecting to the services that are still accessible? Are you using IPv4 and/or IPv6?
>
> Regards, Thomas