While skimming through this mailing list's archives I saw that this question was raised a couple of times. And last time in August of this year Jiri reiterated that "So far we don't handle outbound traffic in firewalld".
So if I still need to limit outgoing traffic, what is the best way to proceed? I could probably use the direct interface. But then I'll have to write a daemon that handles reload/reboot events of firewalld to re-add the rules. That sounds a bit complicated.
The only solution I see is to disable the firewalld service altogether and fall back to iptables service.
Any other ideas?
Also, in my opinion a full-value firewall solution has to have the ability to limit outgoing traffic. Are there plans to incorporate this functionality any time soon?
Thanks, Rufe
On 10/06/2014 07:41 PM, Rufe Glick wrote:
> While skimming through this mailing list's archives I saw that this question was raised a couple of times. And last time in August of this year Jiri reiterated that "So far we don't handle outbound traffic in firewalld".
> So if I still need to limit outgoing traffic, what is the best way to proceed? I could probably use the direct interface. But then I'll have to write a daemon that handles reload/reboot events of firewalld to re-add the rules. That sounds a bit complicated.

Did you know that the 'direct' configuration can be stored in /etc/firewalld/direct.xml? See the firewalld.direct man page. Or you can use firewall-cmd, for example:

$ firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --sport 1234 -j DROP

Or perhaps I don't understand your use case.

> The only solution I see is to disable the firewalld service altogether and fall back to iptables service.
> Any other ideas?
> Also, in my opinion a full-value firewall solution has to have the ability to limit outgoing traffic. Are there plans to incorporate this functionality any time soon?

None that I know of.
-- Jiri
firewalld-users@lists.fedorahosted.org
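As an added example, not part of the thread and not firewalld's own code: the approach Jiri points at, taken to a complete outbound allow-list. Permanent direct rules are written by firewall-cmd to /etc/firewalld/direct.xml, so they survive `firewall-cmd --reload` and reboots without any helper daemon. The script below generates one rule set and renders it either as the firewall-cmd invocations or as the equivalent direct.xml, and only applies it if firewall-cmd is actually installed. The allowed destinations (a resolver at 192.0.2.53, HTTP/HTTPS, NTP, DHCP) and the priority numbers are assumptions chosen for illustration; adjust them to your environment.

```shell
#!/bin/sh
# Added example (not from the thread): outbound allow-list as firewalld
# direct rules. Rule format is the one firewall-cmd --direct --add-rule takes:
#   <ipv> <table> <chain> <priority> <iptables args>
# firewalld orders direct rules by priority (0 = top of chain) and keeps
# insertion order within a priority, so the final REJECT gets a higher
# priority number to guarantee it is evaluated last.

DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # assumed resolver (documentation range)

outbound_rules() {
    cat <<EOF
ipv4 filter OUTPUT 0 -o lo -j ACCEPT
ipv4 filter OUTPUT 0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ipv4 filter OUTPUT 1 -p udp -d $DNS_SERVER --dport 53 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -d $DNS_SERVER --dport 53 -j ACCEPT
ipv4 filter OUTPUT 1 -p udp --sport 68 --dport 67 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
ipv4 filter OUTPUT 1 -p udp --dport 123 -j ACCEPT
ipv4 filter OUTPUT 9 -j REJECT --reject-with icmp-admin-prohibited
ipv6 filter OUTPUT 0 -o lo -j ACCEPT
ipv6 filter OUTPUT 0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ipv6 filter OUTPUT 0 -p ipv6-icmp -j ACCEPT
ipv6 filter OUTPUT 1 -p tcp -m multiport --dports 80,443 -j ACCEPT
ipv6 filter OUTPUT 1 -p udp --dport 123 -j ACCEPT
ipv6 filter OUTPUT 9 -j REJECT --reject-with icmp6-adm-prohibited
EOF
}
# Notes on the rule set: ESTABLISHED,RELATED first so replies to inbound
# connections are never blocked; ICMPv6 must stay open or neighbour discovery
# breaks and IPv6 dies entirely; the ipv6 table needs its own rules, an
# ipv4-only allow-list leaves IPv6 egress wide open.

count_rules() { outbound_rules | wc -l | tr -d ' '; }

# The same rules as the firewall-cmd lines you would type (or feed to sh).
as_firewall_cmd() {
    outbound_rules | while read -r ipv table chain prio args; do
        printf 'firewall-cmd --permanent --direct --add-rule %s %s %s %s %s\n' \
            "$ipv" "$table" "$chain" "$prio" "$args"
    done
}

# The same rules in the direct.xml format documented in firewalld.direct(5),
# for review or for installing straight into /etc/firewalld/direct.xml.
as_direct_xml() {
    printf '<?xml version="1.0" encoding="utf-8"?>\n<direct>\n'
    outbound_rules | while read -r ipv table chain prio args; do
        printf '  <rule ipv="%s" table="%s" chain="%s" priority="%s">%s</rule>\n' \
            "$ipv" "$table" "$chain" "$prio" "$args"
    done
    printf '</direct>\n'
}

# Apply only where firewalld exists: add the permanent rules, reload so they
# become runtime rules, then show what firewalld now holds.
apply_rules() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
    as_firewall_cmd | sh -e
    firewall-cmd --reload
    firewall-cmd --direct --get-all-rules
}

case "${1:-show}" in
    show)  as_firewall_cmd ;;
    xml)   as_direct_xml ;;
    apply) apply_rules ;;
esac
```

Run it with no argument to print the firewall-cmd lines, `xml` to see the direct.xml, `apply` (as root, on a firewalld host) to install and reload. Because the rules live in firewalld's permanent configuration, there is nothing to re-add after a reload or reboot, which is the daemon the original question was worried about.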