> There's a firewalld issue for better support:
> https://github.com/firewalld/firewalld/issues/1384
Yes, this feature is very useful, I'll wait for it
Thanks
Dario
--
___
users mailing list -- users@lists.fedoraproject.org
To unsubs
https://stackoverflow.com/questions/61679837/how-do-i-do-a-snat-in-firewalld
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -d
172.17.0.0/16 -p all -j SNAT --to 5.6.7.8
Where 5.6.7.8 is the interface IP address you want to use.
There's a firewalld issue for better supp
I can't use MASQUERADE because I must go out with a specific additional
external IP, then I must use a SNAT rule in the place of MASQUERADE
Do as indicated in the object with nft found here:
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/security_guide/sec-configuring_na
Good day all,
I have been trying to manage the egress traffic with firewalld and haven't
been successful.
I created a firewalld policy with the following
ingress zone: dmz
egress zone: drop
For the dmz zone the source IP address is assigned while the interface is
assigned to drop
On 8/7/23 07:29, John Horne wrote:
Hello,
Would someone tell me to what the 'forward:' line in the 'firewall-cmd --list-
all' output refers:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
I have a server with this set to 'yes', so w
On Mon, 2023-08-07 at 15:05 +, John Horne wrote:
> A slightly more descriptive name than just 'forward:' might have
> helped :-)
Going back to the older firewalls, there were input, output, and
forward rules. Input was incoming to this machine, output was outgoing
from this machine, and forwa
On Mon, 2023-08-07 at 10:50 -0400, David King wrote:
> On 8/7/23 10:29, John Horne wrote:
> > Hello,
> >
> > Would someone tell me to what the 'forward:' line in the 'firewall-cmd --
> > list-all' output refers:
> It indicates whether or not intra zone forwarding is enabled ->
> https://firewalld.o
On 8/7/23 10:29, John Horne wrote:
Hello,
Would someone tell me to what the 'forward:' line in the 'firewall-cmd --list-
all' output refers:
It indicates whether or not intra zone forwarding is enabled ->
https://firewalld.org/2020/04/intra-zone-forwarding
--
David King
dave at daveking dot c
Hello,
Would someone tell me to what the 'forward:' line in the 'firewall-cmd --list-
all' output refers:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
I have a server with this set to 'yes', so would like to know what it means.
Thanks
t, but then I would expect the command line to error out too.
On Thu, 22 Jun 2023 02:23:18 +0930, Tim via users wrote:
> On Wed, 2023-06-21 at 16:26 +, Amadeus WM via users wrote:
>> I tried to add the rule in the running firewalld, i.e. without the --
>> permanent option and I
On Wed, 2023-06-21 at 16:26 +, Amadeus WM via users wrote:
> I tried to add the rule in the running firewalld, i.e. without the --
> permanent option and I can still connect to the darn thing. I wonder if it
> has something to do with the order in which the rules or the tables are
Oh, I see, that's very useful to know.
But if I do add a rule to iptables, then that should get translated into
an nft rule? And should be honored? Because the rule I put in firewalld
does show up as an nft rule, but doesn't block anything.
On Mon, 19 Jun 2023 10:20:02 -0400
I tried to add the rule in the running firewalld, i.e. without the --
permanent option and I can still connect to the darn thing. I wonder if it
has something to do with the order in which the rules or the tables are
being processed.
firewall-cmd --add-rich-rule="rule family='ipv4
Tim:
>> We're more used to controls doing something immediately. This is more
>> akin to editing a configuration file, then restarting the service.
Chris Adams:
> When you think about changing firewall rules, especially on a remote
> system, it makes sense - you may need to batch up changes and a
Once upon a time, Tim said:
> We're more used to controls doing something immediately. This is more
> akin to editing a configuration file, then restarting the service.
When you think about changing firewall rules, especially on a remote
system, it makes sense - you may need to batch up changes
ottom of the screen after making any changes:
Connection to firewalld established. Changes applied.
You expect that to mean something more than it says.
However, like with the command line, there is a reload firewalld option
in the GUI menu which will make your permanent settings apply now.
namic
changes, like fail2ban for example, that would get stored as well). Or
you can make all your changes to the permanent config and then load them
to running all at once with firewall-cmd --reload.
didn't put anything in iptables, i.e. iptables --list shows no rules. On
the other hand,
fail2ban for example, that would get stored as well). Or
you can make all your changes to the permanent config and then load them
to running all at once with firewall-cmd --reload.
> didn't put anything in iptables, i.e. iptables --list shows no rules. On
> the other hand, I do have th
bles i
> think.
Regardless of which iptables you use, you aren’t going to see firewalld (using
the nft backend) or nft rules in the output of iptables commands.
--
Jonathan Billings
> On 19 Jun 2023, at 13:27, Amadeus WM via users
> wrote:
>
> Under the hood, by default, firewalld uses the newer nftables instead of
> iptables. I don't know how these two interact, if anything maybe we should
> do this in nftables.
That is configurable. It d
On Jun 19, 2023, at 09:08, Amadeus WM via users
wrote:
>
> So after digging a bit more into this,
>
> firewall-cmd --get-active-zone
> FedoraWorkstation
> interfaces: enp8s0
> docker
> interfaces: docker0
>
> firewall-cmd --get-default-zone
> FedoraWorkstation
>
>
> firewall-cmd --permane
ination address (for parental control). How would I do this with
> firewalld?
>
> I tried
>
> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
> value="tcp" destination address='aa.bb.0.0/16' reject"
>
>
Sure, like I said, it can be done with iptables. But:
1. Why do we have firewalld then? It seems to me that such a trivial thing
should be configurable with firewalld.
2. The command that I tried
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="
> On 18 Jun 2023, at 23:26, Mike Wright wrote:
>
> How about bypassing firewalld and using iptables directly to add a rule to
> the kernel?
Does firewalld not remove that rule or otherwise make this unreliable?
On 6/18/23 11:15, Amadeus WM via users wrote:
Say I want to drop/reject outgoing connections to a particular destination
address (for parental control). How would I do this with firewalld?
How about bypassing firewalld and using iptables directly to add a rule
to the kernel?
iptables -A
On Sun, Jun 18, 2023 at 2:15 PM Amadeus WM via users
wrote:
>
> Say I want to drop/reject outgoing connections to a particular destination
> address (for parental control). How would I do this with firewalld?
I can't address using firewalld, but I think you could get basically
the
Say I want to drop/reject outgoing connections to a particular destination
address (for parental control). How would I do this with firewalld?
I tried
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="tcp" destination address='aa.bb
On Mon, 2023-03-13 at 16:09 -0600, Sbob wrote:
> # firewall-cmd --permanent --zone=public --add-port=80/udp
Usually, web servers use TCP on port 80.
--
uname -rsvp
Linux 3.10.0-1160.83.1.el7.x86_64 #1 SMP Wed Jan 25 16:41:43 UTC 2023 x86_64
Boilerplate: All unexpected mail to my mailbox is
All;
I just installed Bugzilla on a Fedora 37 server
If I stop the firewall with the below command then I can connect to
bugzilla via pointing a browser from another machine to
http://IPADDR/bugzilla
# systemctl stop firewalld
However once I start firewalld then bugzilla is blocked
I
| From: D. Hugh Redelmeier
| This isn't quite working. tcpdumping the gateways external port, I
| can see the ICMP Echo Request makes it out and an ICMP Echo Reply
| comes back, but it never makes it into the LAN.
The packets on the external interface have the IP address of that
interface. So o
To: users@lists.fedoraproject.org
Subject: firewalld problems
Send reply to: "D. Hugh Redelmeier"
, Community support for Fedora
users
> I updated from Fedora 34 to 36 on my gateway machine.
>
> Computers on the LAN could no long
ted a "Packet filtered" response returned by the gateway.
On the other hand this worked fine:
ping gw-LAN-address
and so did
ping gw-public-address
This looks like a problem with forwarding.
googling got me this:
<https://www.it-hure.de/2021/12/firewalld-fedora-34-35-masque
On 28/01/2022 10:16, lejeczek via users wrote:
Hi guys.
I'm trying still not squared away Centos 9 firewalld and since closest
to it is Fedora, here is a natural place to ask I thought -
'forward-port' if you use it for 'localhost', like here:
port=80:p
Hi guys.
I'm trying still not squared away Centos 9 firewalld and since closest
to it is Fedora, here is a natural place to ask I thought -
'forward-port' if you use it for 'localhost', like here:
port=80:proto=tcp:toport=81:toaddr=127.0.0.1
does it work on Fed
On Sunday, 2021-04-11 at 08:20 -0700, Jonathan Ryshpan wrote:
> Looking through the system logs (journalctl --boot), I stumbled on
> the following error messages from firewalld; it looks like the
> function iptables-restore is called fairly frequently, generally
> after the system wakes up fro
On 4/11/21 8:20 AM, Jonathan Ryshpan wrote:
Looking through the system logs (journalctl --boot), I stumbled on the
following error messages from firewalld; it looks like the function
iptables-restore is called fairly frequently, generally after the
system wakes up from sleep, and never succeeds
Looking through the system logs (journalctl --boot), I stumbled on the
following error messages from firewalld; it looks like the function
iptables-restore is called fairly frequently, generally after the
system wakes up from sleep, and never succeeds. The intervening lines
vary.
Is this
On Tue, 2020-10-27 at 17:36 +0800, Ed Greshko wrote:
> On 26/10/2020 22:44, Michael J. Baars wrote:
> > After removing these specific lines from
> > /etc/firewalld/zones/FedoraWorkstation.xml, using firewall-cmd, the ports
> > are still accessible by the client and
On Tue, 2020-10-27 at 17:29 +0800, Ed Greshko wrote:
> On 26/10/2020 22:44, Michael J. Baars wrote:
> > Can someone please tell me how to close these ports on Fedora Workstation?
> > And why does nmap report the ports as filtered on Fedora Workstation and as
> > open/close on Fedora Server?
>
> I
ce.
The exact ports are of no importance :)
>
> > While looking into the firewalld configuration I found that Fedora
> > Workstation and Fedora Server have one major difference in their configuration
> > files:
> >
> >
> >
>
> You don't say
On 26/10/2020 22:44, Michael J. Baars wrote:
After removing these specific lines from
/etc/firewalld/zones/FedoraWorkstation.xml, using firewall-cmd, the ports are
still accessible by the client and server
program.
Another question.
Why are you not using either the firewall-cmd command line
On 26/10/2020 22:44, Michael J. Baars wrote:
Can someone please tell me how to close these ports on Fedora Workstation? And
why does nmap report the ports as filtered on Fedora Workstation and as
open/close on Fedora Server?
I think you're not familiar with nmap and those definitions.
filtere
nd as filtered on Fedora Workstation when the server is not running.
You don't say which port, so it makes it impossible to give you useful
advice.
While looking into the firewalld configuration I found that Fedora Workstation
and Fedora Server have one major difference in their configura
n the server is not running.
While looking into the firewalld configuration I found that Fedora Workstation
and Fedora Server have one major difference in their configuration files:
After removing these specific lines from
/etc/firewalld/zones/FedoraWorkstation.xml, using firewall-cmd, the port
On 2020-05-26 08:17, Earl Ramirez wrote:
> Previously, when I run firewall-cmd --list-all or any firewalld
> commands as a regular user it will fail, with authorization failure.
> Today I noticed that if I run firewall-cmd --list-all I can see the
> rules; however, I am not able t
Dear All,
Previously, when I run firewall-cmd --list-all or any firewalld
commands as a regular user it will fail, with authorization failure.
Today I noticed that if I run firewall-cmd --list-all I can see the
rules; however, I am not able to modify the firewall rules without a
superuser
On 2020-05-19 11:36, Thomas Stephen Lee wrote:
> Hi,
>
> https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables
>
> mentions a
>
> docker-firewalld
>
> where can I find that package or source code?
>
> thanks
I just read the page you cite.
The conte
Hi,
https://fedoraproject.org/wiki/Changes/firewalld_default_to_nftables
mentions a
docker-firewalld
where can I find that package or source code?
thanks
---
Lee
Note: I accidentally posted the same question on CentOS Forum.
dump of the trace in Bug 1836571.
>
> Hopefully we can figure out the incompatibility before iptables goes away
> completely.
Welcome.
FWIW, I had a question on some output from firewall-cmd and I ended up posting
to
firewalld-us...@lists.fedorahosted.org and got a quick response.
>
> lan0 (eno1)
> Zone: FedoraServer
>
> This is correct, my ports, both in the zone. But firewall-cmd on the
command line comes back with this:
>
> [root@shorty ~]# firewall-cmd --list-interfaces
>
> [root@shorty ~]# firewall-cmd --get-active-zone
> [root@shorty ~]#
>
> Zone: FedoraServer
>
> This is correct, my ports, both in the zone. But firewall-cmd on the command
> line comes back with this:
>
> [root@shorty ~]# firewall-cmd --list-interfaces
>
> [root@shorty ~]# firewall-cmd --get-active-zone
> [root@shorty ~]#
>
> Somethi
n the command
line comes back with this:
[root@shorty ~]# firewall-cmd --list-interfaces
[root@shorty ~]# firewall-cmd --get-active-zone
[root@shorty ~]#
Something seems to be broken in firewalld-land, but I don't know where to
start looking.
Following up to myself, firewall seems to
back with this:
[root@shorty ~]# firewall-cmd --list-interfaces
[root@shorty ~]# firewall-cmd --get-active-zone
[root@shorty ~]#
Something seems to be broken in firewalld-land, but I don't know where to
start looking.
On Tue, May 12, 2020 at 12:56 PM Jonathan Billings
wrote:
> On Tue, May 12, 2020 at 12:32:29PM -0500, Richard Shaw wrote:
> > Using ipsets in FirewallD is broken in F32...
> >
> > Filed:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1834853
>
> Is this because
On Tue, May 12, 2020 at 12:32:29PM -0500, Richard Shaw wrote:
> Using ipsets in FirewallD is broken in F32...
>
> Filed:
> https://bugzilla.redhat.com/show_bug.cgi?id=1834853
Is this because of the backend change to nftables? Can you change
FirewallBackend=iptables in /e
Using ipsets in FirewallD is broken in F32...
Filed:
https://bugzilla.redhat.com/show_bug.cgi?id=1834853
Thanks,
Richard
b0 -u firewalld
-- Logs begin at Thu 2020-05-07 14:07:43 CDT, end at Tue 2020-05-12
07:15:25 CDT. --
May 12 06:47:20 systemd[1]: Starting firewalld - dynamic firewall daemon...
May 12 06:47:21 systemd[1]: Started firewalld - dynamic firewall daemon.
May 12 07:01:26 systemd[1]: Stopping firewalld - dy
On Sun, 2019-09-01 at 09:04 -0300, George N. White III wrote:
> On Sat, 31 Aug 2019 at 22:28, John Harris wrote:
>
> > On Saturday, August 31, 2019 1:09:58 AM MST Tom H wrote:
> > > On Thu, Aug 29, 2019 at 5:40 AM John Harris
> > wrote:
> > > >
> > > > NFS over UDP is faster than NFS over TCP.
On 9/1/19 8:04 PM, George N. White III wrote:
> My experience with nfsv4 on linux in this environment was relatively
> free of problems.
+1
But, I didn't want to "argue" about it since it would be OT and like similar OT
matters leads nowhere. :-)
--
If simple questions can be answered with
On Sat, 31 Aug 2019 at 22:28, John Harris wrote:
> On Saturday, August 31, 2019 1:09:58 AM MST Tom H wrote:
> > On Thu, Aug 29, 2019 at 5:40 AM John Harris
> wrote:
> >
> > >
> > >
> > > NFS over UDP is faster than NFS over TCP.
> >
>
Until the ethernet switches get busy -- then it is common to
On Saturday, August 31, 2019 1:09:58 AM MST Tom H wrote:
> On Thu, Aug 29, 2019 at 5:40 AM John Harris wrote:
>
> >
> >
> > NFS over UDP is faster than NFS over TCP.
>
>
> When using nfsv3, yes. But nfsv4 is tcp-only.
nfsv4 is also slower than nfsv3, and isn't as well supported on different
s
On Thu, Aug 29, 2019 at 5:40 AM John Harris wrote:
>
> NFS over UDP is faster than NFS over TCP.
When using nfsv3, yes. But nfsv4 is tcp-only.
On Wednesday, August 28, 2019 3:06:50 AM MST Tom H wrote:
> On Wed, Aug 28, 2019 at 9:21 AM Ed Greshko wrote:
>
>
> > [root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp --permanent
> > [root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp --permanent
>
>
> Is there a reason wh
On Wednesday, August 28, 2019 12:20:13 AM MST Ed Greshko wrote:
> That may not be sufficient depending on the zone an interface is assigned.
Correct. See below.
firewall-cmd --add-service=nfs --zone=$ZONE
firewall-cmd --add-service=nfs --zone=$ZONE --permanent
--
John M. Harris, Jr.
Splentity
On 8/28/19 6:44 PM, Ed Greshko wrote:
> It seems integration has been done with Wifi (see above) but not with wired
> connections.
On second thought, there is no reason why you can't have 2 "connections" tied to
the same HW with different zones. You just need to have only one "active" at
any ti
.
>
> I don't think that is too much of a worry.
>
> Recall that each Wifi Connection can be assigned a Firewall Zone.
> The connection at home will be different than outside of the home.
>>
>> Whether using "trusted" or adding "nfs" to "
On 8/28/19 8:09 PM, Tom H wrote:
> On an nfsv4-only system with its iptables rules flushed. "showmount
> ..." doesn't even work locally (because it needs "rpc.mountd").
>
> # iptables -nL
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy
" only in an nfsv4-only setup
>> because nfsv4 is "limited" to tcp, so it makes sense to try use
>> only tcp.
>
> A couple of things. My age/background has me thinking more in
> "ports" than "services".
Same here. I don't use firewalld or ufw,
needs more protection against his family consuming his data quota.
> > :-)
>
> :)
>
> The problem's that if someone does so on a laptop at home and then
> uses a public network...
>
> Whether using "trusted" or adding "nfs" to "home",
>
> Whether using "trusted" or adding "nfs" to "home", I suppose that the
> solution is to remember to change to "public" when using a public
> network; in the same way that you'd want to block 111 and 2049
> when doing so, w
On 8/28/19 6:06 PM, Tom H wrote:
> On Wed, Aug 28, 2019 at 9:21 AM Ed Greshko wrote:
>
>> [root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp --permanent
>> [root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp --permanent
> Is there a reason why you don't want to enable "111/tcp"
op at home and then
uses a public network...
Whether using "trusted" or adding "nfs" to "home", I suppose that the
solution is to remember to change to "public" when using a public
network; in the same way that you'd want to block 111 and 2049
when doin
On Wed, Aug 28, 2019 at 9:21 AM Ed Greshko wrote:
> [root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp --permanent
> [root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp --permanent
Is there a reason why you don't want to enable "111/tcp" and
200048/tcp" as "--add-service=rpc-b
is
>>> good, I followed the instructions anyway.
>>>
>>> Firewalld appears to be a new stumbling block and I don't know how
>>> to fix it. I looked at the Firewalld GUI and there is nothing
>>> intuitive about it. If I stop Firewalld, showmount displays the
>
way.
>>
>> Firewalld appears to be a new stumbling block and I don't know how
>> to fix it. I looked at the Firewalld GUI and there is nothing
>> intuitive about it. If I stop Firewalld, showmount displays the
>> exports.
>>
>> [bobg@box83 ~]$ showmount -e
k and I don't know how
> to fix it. I looked at the Firewalld GUI and there is nothing
> intuitive about it. If I stop Firewalld, showmount displays the
> exports.
>
> [bobg@box83 ~]$ showmount -e 192.168.2.128
> clnt_create: RPC: Unable to receive
>
> "syst
On 8/28/19 4:27 PM, Alexander Dalloz wrote:
> Port 20048 translates to the mountd firewalld service.
Oh, right. Forgot about that service. I don't have much use for it.
--
If simple questions can be answered with a simple google query then why are
there so many
ome --add-port=111/udp
>> success
>> [root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp --permanent
>> success
>
> Port 111 translates to the rpc-bind firewalld service which you had already
> permitted.
Yes, I know. I'd forgotten I'd added that. Shoot me
translates to the rpc-bind firewalld service which you had
already permitted.
[root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp
success
[root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp
--permanent
success
Port 20048 translates to the mountd firewalld service.
And
On 8/28/19 2:52 PM, John Harris wrote:
> The following two commands, in order, add the rule to your running config,
> and
> to your permanent firewall config:
>
> firewall-cmd --add-service=nfs
> firewall-cmd --add-service=nfs --permanent
That may not be sufficient depending on the zone an inter
ing block and I don't know how to fix
> it. I looked at the Firewalld GUI and there is nothing intuitive about
> it. If I stop Firewalld, showmount displays the exports.
>
> [bobg@box83 ~]$ showmount -e 192.168.2.128
> clnt_create: RPC: Unable to receive
>
> "syste
On 8/27/19 6:47 PM, Ed Greshko wrote:
mount 192.168.2.128:/home /mnt/testb
the format is
mount from_where:what_to_mount mount_point
.
Of course that works.
Thanks Ed.
--
Bob Goodwin - Zuni, Virginia, USA
http://www.qrz.com/db/W2BOD
box83 FEDORA-30/64bit LINUX XFCE Fastmail POP3
On 8/28/19 6:17 AM, Bob Goodwin wrote:
>
>
> On 8/27/19 6:05 PM, Bob Goodwin wrote:
>>> The easiest way to resolve the issue is to place the interface on the NFS
>>> server in the "Trusted" firewall zone. The setting for that can be found
>>> in the Network Manager GUI for that interface in the
On 8/27/19 6:05 PM, Bob Goodwin wrote:
The easiest way to resolve the issue is to place the interface on the
NFS server in the "Trusted" firewall zone. The setting for that can
be found in the Network Manager GUI for that interface in the
"General Configuration" tab. At least that is what i
and I don't know how to fix it. I
looked at the Firewalld GUI and there is nothing intuitive about it. If I stop
Firewalld, showmount displays the exports.
[bobg@box83 ~]$ showmount -e 192.168.2.128
clnt_create: RPC: Unable to receive
"systemctl stop firewalld" on the serve
t know how to fix it.
> I looked at the Firewalld GUI and there is nothing intuitive about it. If I
> stop Firewalld, showmount displays the exports.
>
> [bobg@box83 ~]$ showmount -e 192.168.2.128
> clnt_create: RPC: Unable to receive
>
> "systemctl stop firewalld"
My NFS problems continue. The hard drive was replaced, Fedora 30
installed and NFS is configured. I think the configuration is good, I
followed the instructions anyway.
Firewalld appears to be a new stumbling block and I don't know how to fix
it. I looked at the Firewalld GUI and the
On Sat, 20 Jul 2019 06:53:56 +0800
Ed Greshko wrote:
> On 7/20/19 6:20 AM, Tim Evans wrote:
> > Installing F30, adding iptables and my current ruleset, and
> > disabling firewalld looks very simple and quick. Why shouldn't I do
> > it?
> >
> > If ne
Hi
On Fri, 19 Jul 2019 18:20:35 -0400 Tim Evans wrote:
> I really, really need to figure out how to port my iptables ruleset to
> work with firewalld.
You may try first to port your iptables by using the "Direct Options"
that provides firewall-cmd.
I plan to use it for a wh
On 7/19/19 3:20 PM, Tim Evans wrote:
I'm planning on upgrading that system to Fedora 30, and am wondering if
I really, really need to figure out how to port my iptables ruleset to
work with firewalld. Other than the need to be up to date (I am
originally from Kansas City), what
On Fri, 19 Jul 2019 18:20:35 -0400
Tim Evans wrote:
> wondering if
> I really, really need to figure out how to port my iptables ruleset to
> work with firewalld
Nope, not yet. Just disable every service that has firewall in the
name
systemctl list-unit-files | fgrep -i firewall
Th
orial.html).
>
> I'm planning on upgrading that system to Fedora 30, and am wondering if I
> really, really
> need to figure out how to port my iptables ruleset to work with firewalld.
> Other than
> the need to be up to date (I am originally from Kansas City), what're
Fedora 30, and am wondering if
I really, really need to figure out how to port my iptables ruleset to
work with firewalld. Other than the need to be up to date (I am
originally from Kansas City), what're the advantages of firewalld?
Installing F30, adding iptables and my current ruleset
On 5/12/19 7:12 PM, Ed Greshko wrote:
> So, I'm sure I need to add a "rich rule" or something to the firewall but
> I've no idea
> what it should be.
Well a rich rule *may* be one solution. However, I got around the issue by
placing the
interfaces in different firewall zones.
--
Right: I d
OK, firewall rules aren't in my wheelhouse.
I've got an IPv6 network with a /56 prefix assigned to me by my ISP. This, I
understand,
is rather large and it breaks some functionality. It is meant that this be
broken up into
256 /64 networks or smaller.
On my ISP facing router the LAN has a /64
On Mon, 2018-12-03 at 15:46 -0600, Richard Shaw wrote:
> On Mon, Dec 3, 2018 at 12:32 PM Patrick O'Callaghan
> wrote:
>
> > Dec 03 10:10:45 bree firewalld[844]: ERROR: '/usr/sbin/iptables-restore -w
> > -n' failed: iptables-restore v1.8.0 (legacy):
On Mon, Dec 3, 2018 at 12:32 PM Patrick O'Callaghan
wrote:
> Dec 03 10:10:45 bree firewalld[844]: ERROR: '/usr/sbin/iptables-restore -w
> -n' failed: iptables-restore v1.8.0 (legacy): Set fail2ban-sshd doesn't
> exist.
>
Does this help?
https://github.com/fail2
$ sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor
preset: enabled)
Active: active (running) since Mon 2018-12-03 10:10:44 GMT; 8h ago
Docs: man:firewalld(1)
Main PID
Hi.
On Thursday, 09.08.2018 at 00:20 +0100, Danny Horne via
users wrote:
> On 08/08/18 23:27, Dirk Gottschalk via users wrote:
> > You have to find out who issues the query. I would disable
> > recursion at
> > all except for the internal network.
> >
> > Find out who queries this domains an