Hello,
Is the configuration below good for a LAMP server?
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh
  ports: 80/tcp 443/tcp 990/tcp 40000-50000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
I want to configure Suricata-IDS in IPS mode, but the Suricata-IDS documentation uses iptables :( Can anyone here help me with this goal? https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-l...
Thank you.
On Mon, Aug 24, 2020 at 08:52:34AM -0000, Jason Long wrote:
> Hello,
> Is the configuration below good for a LAMP server?
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: ens192
>   sources:
>   services: ssh
>   ports: 80/tcp 443/tcp 990/tcp 40000-50000/tcp
Alternatively you can use a "service" for some of these:
80  --> http
443 --> https

# firewall-cmd --zone public --add-service http
# firewall-cmd --zone public --add-service https
I have no idea why you're opening 40000-50000.
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
> I want to configure Suricata-IDS in IPS mode, but the Suricata-IDS documentation uses iptables :( Can anyone here help me with this goal? https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-for-l...
firewalld doesn't support NFQUEUE, which seems to be required for Suricata. You'd have to use a firewalld --direct rule to add the rule to iptables.
Service vs port? Is port 80 different from the http service? How can I use a "--direct" rule to convert those iptables rules to firewalld?
On Mon, Aug 24, 2020 at 02:52:22PM -0000, Jason Long wrote:
> Service vs port?
Services are an abstraction. They can contain one port, many ports, but also other things. They provide a user-friendly way to open firewall holes, e.g. ssh, samba, mdns, etc.
> Is port 80 different from the http service?
No.
> How can I use a "--direct" rule to convert those iptables rules to firewalld?
--direct allows firewalld to manage iptables rules. It's a way to let the user add native iptables rules. firewalld doesn't have abstractions for everything iptables supports.
You should read the documentation [1]. Seems like you're not familiar with the basic firewalld concepts.
firewalld-users@lists.fedorahosted.org
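As an added example (not part of this thread or of firewalld), a POSIX shell script that audits the pasted zone listing the way the replies suggest: ports with a matching service are swapped for the service, wide ranges are flagged for review, and the Suricata guide's host-mode NFQUEUE rules are expressed as firewalld --direct rules. The port-to-service table is a hand-written assumption; on a real host the definitions live in /usr/lib/firewalld/services/.

```shell
# Constructed sample: the listing from the question, in `firewall-cmd --zone public --list-all` layout.
SAMPLE_LISTING='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh
  ports: 80/tcp 443/tcp 990/tcp 40000-50000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Port -> firewalld service name. Assumption: a hand-written table for this example;
# on a real host consult /usr/lib/firewalld/services/*.xml instead.
service_for_port() {
  case "$1" in 80/tcp) echo http ;; 443/tcp) echo https ;; *) return 1 ;; esac
}

# Read the "ports:" line of a listing and emit firewall-cmd commands that swap a raw
# port for its service where one exists; port ranges are flagged with their width.
suggest_rules() {
  ports=$(printf '%s\n' "$1" | sed -n 's/^ *ports: *//p')
  for p in $ports; do
    if svc=$(service_for_port "$p"); then
      printf 'firewall-cmd --permanent --zone public --remove-port %s\n' "$p"
      printf 'firewall-cmd --permanent --zone public --add-service %s\n' "$svc"
    else
      case "$p" in
        *-*/*) range=${p%/*}; lo=${range%-*}; hi=${range#*-}
               printf '# REVIEW: %s opens %d ports; justify or remove\n' "$p" $((hi - lo + 1)) ;;
        *)     printf '# keep: %s (no service in table)\n' "$p" ;;
      esac
    fi
  done
}

# The Suricata IPS guide's host-mode rules (iptables -I INPUT/OUTPUT -j NFQUEUE) as
# firewalld direct rules, so firewalld stays the owner of the ruleset.
nfqueue_direct_rules() {
  for chain in INPUT OUTPUT; do
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter %s 0 -j NFQUEUE\n' "$chain"
  done
  printf 'firewall-cmd --reload\n'
}

suggest_rules "$SAMPLE_LISTING"; nfqueue_direct_rules
```

The script only prints the commands; review them and run them on the host yourself.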