Block outgoing connections on Centos 7 with firewalld

Asked Jul 21 '16 at 16:10

Active Jul 22 '16 at 00:26

Viewed 5,777 times

I'm having following rules :

public (default, active)
  interfaces: eth0
  sources: 
  services: dhcpv6-client http https ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

Everything works fine, then I'm adding following direct rules :

ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 3306 -j ACCEPT
ipv4 filter OUTPUT 2 -j DROP

Using following sample command :

firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT

Then I'm unable to do wget or connecting to MySQL in port 3306

I'm already follow the same question and problem at Block outgoing connections on RHEL7/CentOS7 with firewalld? and still the same problem.

The only different is at command for "--dport 80" and "--dport=80", which is I think the same.

What am I dong wrong?

edited Apr 13 '17 at 12:14

Community

asked Jul 21 '16 at 16:10

sule

3

Possible duplicate of [Block outgoing connections on RHEL7/CentOS7 with firewalld?](http://serverfault.com/questions/618164/block-outgoing-connections-on-rhel7-centos7-with-firewalld) – dawud Jul 21 '16 at 17:29
The only different is command for "--dport 80" and "--dport=80", which is I think the same. Tried them, still having the same problem – sule Jul 22 '16 at 00:27

Block outgoing connections on Centos 7 with firewalld

0 Answers0

Linked