Questions tagged [firewalld-zone]

21 questions
12
votes
3 answers

firewalld not listing any active zones?

When running [root@host ~]# firewall-cmd --get-active-zones [root@host ~]# [root@host ~]# firewall-cmd --get-default-zone public I am not getting any active zones. How can I activate a zone?
giorgio79
5
votes
2 answers

FirewallD : Allow connections only from certain IP addresses

I am trying to use FirewallD to restrict access to a CentOS server from other machines on the network. It has a single network interface and it is operating in the public zone. Let's say that the ip address of this server is 10.10.1.20. What I want to…
thisisshantzz
4
votes
2 answers

Fedora 21: Firewalld (firewall-cmd) won't PERMANENTLY assign interfaces to zones?

I installed Fedora on this one machine which is EXCLUSIVELY a gateway / firewall system. Following installation, I ran 'yum upgrade', and so it should be up to the very latest Fedora 21 - I'm a little behind on purpose (not Fedora 22) specifically…
Richard T
4
votes
0 answers

IPsets in FirewallD with Nftables backend

I upgraded my server to Fedora 32. Firewalld has switched the backend to Nftables. My setup is pretty simple. Just HTTP, HTTPS, SSH, SMTP ports open and multiple IPsets (IPv4, IPv6) to block a preset list of IP addresses. Earlier I used to do…
user213598
2
votes
0 answers

firewalld: two NICs, two zones. Zone is ignored

I have a server running CentOS/RHEL 7.7 with two network interfaces. These interfaces are configured and work properly. The first interface, ens33, is part of the firewalld "public" zone. All the rules applied to this zone work properly. The…
AntEater
2
votes
1 answer

Firewalld block http traffic even if activated

I'm trying to configure a simple test environment with 3 machines : One Kali to simulate internet : IP = 10.99.0.2 One CentOS that acts as a firewall using firewalld : IPs = 10.99.0.1, 10.4.1.1 One CentOS that acts as a web server using httpd : IP…
2
votes
1 answer

Firewalld management

As I asked it on this topic's comments: block all but a few ips with firewalld I'm looking for a way to deny all public IPs except for mine on the public zone of firewalld. For now, my public zone just has ssh/http/https services and I have…
Dr I
1
vote
1 answer

firewalld puppet module unable to add multiple sources error: INVALID ZONE on second source

We have a puppet module (v3.6.2 as we're using it for Satellite 6). The module works as expected, except when adding multiple sources to a zone. It will add the zone and then add one source, then error out trying to add the second source to the zone…
Amelia
1
vote
1 answer

How to configure firewalld for source-specific rules?

I have a server in a datacenter that serves as an IPA master and VPN server. For simplicity, assume I need to enable the "ipsec" service for VPN, and the "kerberos" service for IPA. I would like to: 1) Allow traffic from anywhere to access the ipsec…
ToBeReplaced
1
vote
0 answers

Firewalld: Sources in Drop and Block zones

I can't get the services attached to the block zone working for sources attached to those zones. I was wondering what the intended purpose of source->zone<-service was..! I was trying to use the default zone as the drop zone with few services enabled.…
xcorat
1
vote
0 answers

using Firewalld , trying to allow all ports that come in on an internal ip

I am building a new server and I am using Firewalld for the first time. I have a loadbalancer that takes public ip requests and routes them to one of my servers with internal IPs. These servers have both public and private ips. The public ips are…
randy
0
votes
1 answer

block ping 8.8.8.8 in firewalld

Working from my Arch Console (having not yet installed Openbox), I've installed firewalld, sudo pacman -S firewalld, then, to check that it's overall working, firewall-cmd --panic-on correctly blocks my ping -c 3 8.8.8.8. But is it specifically…
joharr
0
votes
1 answer

Issue with firewalld

I just came across this issue and it's late here so I can't really think straight anymore right now. Still this is something pretty simple so I'm not really seeing what I'm missing and just going nuts here: I was setting up a server I use solely for…
0
votes
1 answer

Firewalld without interfaces on public zone

On my Oracle Cloud server, the public zone has no interfaces attached, neither does any of the other zones. But still if I allow a port in the public zone, it does allow the traffic through. So why is it not needed to add the adaptor (eth0 or…
Maestro
0
votes
1 answer

firewall-cmd - adding 0.0.0.0/0 as a source in one zone blocks more specific access in another zone

I have two firewalld zones configured as follows: zone: ssh-access source: 1.2.3.4 ports: 9999/tcp zone: other-access source: 5.6.7.8 ports: 8888/tcp We temporarily want to unrestrict access to the ssh-access zone on port 9999/tcp so we replace…
Chris