Understanding Linux Firewalling


Understanding Previous Solutions

Understanding Firewalld

Understanding Firewalld Zones

Firewalld Default Zones

Zone name and default settings:

block
    Incoming network connections are rejected with an "icmp-host-prohibited" message. Only network connections that were initiated on this system are allowed.

dmz
    For use on computers in the demilitarized zone. Only selected incoming connections are accepted, and limited access to the internal network is allowed.

drop
    Any incoming packets are dropped and there is no reply.

external
    For use on external networks with masquerading (Network Address Translation [NAT]) enabled, used especially on routers. Only selected incoming connections are accepted.

home
    For use with home networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

internal
    For use in internal networks. Most computers on the same network are trusted, and only selected incoming connections are accepted.

public
    For use in public areas. Other computers in the same network are not trusted, and limited connections are accepted. This is the default zone for all newly created network interfaces.

trusted
    All network connections are accepted.

work
    For use in work areas. Most computers on the same network are trusted, and only selected incoming connections are accepted.

Understanding Firewalld Services

firewall-cmd --get-services

[root@localhost sssd]# firewall-cmd --get-services
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp
high-availability http https imaps ipp ipp-client ipsec kerberos
kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp
openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp
radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client
transmission-client vnc-server wbem-https

Contents of the ftp Service File

[root@server1 services]# cat ftp.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP</short>
  <description>FTP is a protocol used for remote file transfer. If you plan to
  make your FTP server publicly available, enable this option. You need the
  vsftpd package installed for this option to be useful.</description>
  <port protocol="tcp" port="21"/>
  <module name="nf_conntrack_ftp"/>
</service>
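
The zone table and the ftp.xml listing above describe two file formats that firewalld combines at load time: a zone lists services by name, and each service file declares the ports (and any conntrack helper modules) it opens. The following script is an added example, not code from the page or from the firewalld project: it parses service files in the ftp.xml format and a zone file in the layout firewalld uses under /etc/firewalld/zones/, then resolves the zone's service references into the concrete set of ports the zone would open. All XML content in it is constructed sample data (the "ssh" and "dns" definitions and the zone file are assumptions modelled on the real files, not copied from a system), which is useful when auditing a zone for accidental exposure or for services that pull in payload-inspecting helper modules such as nf_conntrack_ftp.

```python
"""Resolve a firewalld zone's <service name="..."/> references to ports.

Added example; the XML below is constructed to mirror the ftp.xml listing on
this page and the layout of a firewalld zone file, not copied from a host.
"""
import xml.etree.ElementTree as ET

# Constructed service definitions keyed by service name (same format as ftp.xml).
SERVICE_XML = {
    "ftp": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP</short>
  <description>FTP is a protocol used for remote file transfer.</description>
  <port protocol="tcp" port="21"/>
  <module name="nf_conntrack_ftp"/>
</service>""",
    "ssh": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (constructed sample).</description>
  <port protocol="tcp" port="22"/>
</service>""",
    "dns": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DNS</short>
  <description>Domain Name System (constructed sample).</description>
  <port protocol="tcp" port="53"/>
  <port protocol="udp" port="53"/>
</service>""",
}

# Constructed zone file in the style of /etc/firewalld/zones/public.xml:
# two services referenced by name plus one raw port opened directly.
ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas (constructed sample).</description>
  <service name="ssh"/>
  <service name="ftp"/>
  <port protocol="tcp" port="8080"/>
</zone>"""


def parse_service(xml_text):
    """Return (short name, [(protocol, port), ...], [module names]) for one service file."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service file: root element is <%s>" % root.tag)
    ports = [(p.get("protocol"), p.get("port")) for p in root.findall("port")]
    modules = [m.get("name") for m in root.findall("module")]
    return root.findtext("short"), ports, modules


def _port_key(entry):
    """Sort key: protocol, then the numeric start of the port (handles 'A-B' ranges)."""
    protocol, port = entry
    return (protocol, int(port.split("-")[0]))


def zone_open_ports(zone_xml, services):
    """Resolve every <service name=.../> in a zone through the given service
    definitions and merge in the zone's own <port/> entries.

    Returns (sorted list of (protocol, port), set of helper module names).
    A reference to a service that has no definition raises KeyError; in this
    example that is treated as an audit failure rather than silently ignored.
    """
    root = ET.fromstring(zone_xml)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file: root element is <%s>" % root.tag)
    opened = set()
    modules = set()
    for svc in root.findall("service"):
        name = svc.get("name")
        if name not in services:
            raise KeyError("zone references undefined service %r" % name)
        _short, ports, mods = parse_service(services[name])
        opened.update(ports)
        modules.update(mods)
    for p in root.findall("port"):
        opened.add((p.get("protocol"), p.get("port")))
    return sorted(opened, key=_port_key), modules


if __name__ == "__main__":
    ports, helpers = zone_open_ports(ZONE_XML, SERVICE_XML)
    for protocol, port in ports:
        print("%s/%s" % (port, protocol))
    # Helper modules inspect connection payloads to open related ports, so they
    # deserve a second look when reviewing what a zone exposes.
    print("conntrack helpers:", ", ".join(sorted(helpers)) or "none")
```

On a real host the same logic applies to the files under /usr/lib/firewalld/services/ and /etc/firewalld/zones/; the point of resolving the references is that a zone file alone never shows the port numbers, only service names.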
