Re: FirewallD Rule for Port and Interface
by Scott Talbert
On Wed, 4 Apr 2012, Thomas Woerner wrote:
>> I have been looking at firewalld in Fedora 17 in order to understand how
>> to convert an iptables command that I use in a script into a firewalld
>> one. The iptables command that I'm using is:
>> iptables -I INPUT -p udp -i $INTERFACE --dport 67 -j ACCEPT
>>
>> With firewall-cmd I can do:
>> firewall-cmd --add --port=67/udp
>>
>> But there doesn't seem to be a way for me to specify an interface as
>> well? As in, I only want to open UDP port 67 on a specific network
>> interface, not all interfaces.
>>
> Are you setting up interfaces by hand or are you using NetworkManager or the
> network service?
I am setting up the interface by hand (using ifconfig).
> Create a customized zone and use firewall-cmd to add the interface to the
> zone: firewall-cmd --zone=<zone> --add --interface=<interface>
This seems to do what I was looking for, once I created a new zone xml file.
I didn't see a way to create a zone dynamically (e.g., using firewall-cmd). Is
this correct?
Thanks,
Scott
Accessibility to flags and states?
by philippepma@free.fr
Hello.
With firewall-cmd (and/or firewall-config), will it be possible to
access the protocol flags and the state of the frames?
For example, will it be possible to do the equivalent of the following
commands?
iptables -A INPUT_TCP -p tcp --syn --dport ssh -m state --state NEW -j ACCEPT
or
iptables -A CHECK_BAD_TCP -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
thx
Where is firewall-config ?
by philippepma@free.fr
Hello,
I have installed Fedora 17 Beta.
Where can we find firewall-config command ?
Thx.
Proper way to change zones?
by Patrick
Hello!
I am trying to make use of firewalld now that I am in F17, but
documentation is slim :).
I have created a zone xml file in /usr/local/lib/firewalld/zones/ and
added some services to /usr/local/lib/firewalld/services/ . I have
then linked them to the appropriate folders in /etc/firewalld.
Even after reloading firewalld, it does not list my new zone when I
issue the command firewall-cmd --get-zones. I have set my interface to
use my new zone in the appropriate /etc/sysconfig/network-scripts
file. Now when I issue firewall-cmd --get-zone-of-interface=eth0 I get
no output, instead of "public," which was the zone it used to receive
by default.
If I issue "nmcli -f NAME,DEVICES,ZONE con status" it lists my new
zone, so I guess that is something :).
Am I doing this all wrong?! Thank you for any assistance,
Patrick
FirewallD Rule for Port and Interface
by Scott Talbert
Hi,
I have been looking at firewalld in Fedora 17 in order to understand how
to convert an iptables command that I use in a script into a firewalld
one. The iptables command that I'm using is:
iptables -I INPUT -p udp -i $INTERFACE --dport 67 -j ACCEPT
With firewall-cmd I can do:
firewall-cmd --add --port=67/udp
But there doesn't seem to be a way for me to specify an interface as well?
As in, I only want to open UDP port 67 on a specific network interface,
not all interfaces.
Thanks,
Scott
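An added example, not code from any of the posters above, showing the zone-based answer to Scott's question (and the zone-file placement that Patrick's thread turns on). The thread's `firewall-cmd --add --port=67/udp` opens UDP/67 in the default zone, i.e. on every interface in that zone; to get the effect of `iptables -i $INTERFACE`, the port has to live in a zone that only that interface is bound to. The script below renders such a zone file, installs it where firewalld reads admin-defined zones (/etc/firewalld/zones; packaged zones live in /usr/lib/firewalld/zones, and /usr/local/lib/firewalld is not searched), and binds the interface. The zone name `dhcpserver`, the interface `eth1`, and the use of a current firewalld release whose `firewall-cmd` spelling (`--permanent`, `--add-interface=`, `--new-zone=`) differs from the 2012 `--add --interface` form quoted in the thread are all assumptions of this example.

```shell
#!/bin/sh
# Added example: open UDP/67 on one interface only, via a dedicated firewalld zone.
# Assumptions (not from the thread): zone name "dhcpserver", interface "eth1",
# and a firewalld release with the --permanent/--add-interface= option spelling.
# Usage: sh zone_example.sh install      (needs root to write /etc/firewalld/zones)

# Render a minimal zone definition. Only the ports passed as "port/proto" are
# opened; everything else arriving on an interface bound to this zone falls
# through to the zone's default target, which rejects it.
render_zone_xml() {
    zone_name=$1
    shift
    printf '<?xml version="1.0" encoding="utf-8"?>\n'
    printf '<zone>\n'
    printf '  <short>%s</short>\n' "$zone_name"
    printf '  <description>DHCP server: listed ports only, bound to one interface</description>\n'
    for p in "$@"; do
        port=${p%/*}
        proto=${p#*/}
        printf '  <port protocol="%s" port="%s"/>\n' "$proto" "$port"
    done
    printf '</zone>\n'
}

# Write the zone file into the admin zone directory and print its path.
# /etc/firewalld/zones overrides the packaged zones in /usr/lib/firewalld/zones.
install_zone() {
    dir=$1
    zone_name=$2
    shift 2
    mkdir -p "$dir"
    render_zone_xml "$zone_name" "$@" > "$dir/$zone_name.xml"
    echo "$dir/$zone_name.xml"
}

# Count the <port .../> elements a zone file opens: a sanity check that the zone
# is as narrow as intended before an interface is handed over to it.
count_ports() {
    grep -c '<port ' "$1"
}

# Bind the interface to the zone and activate the permanent config. Guarded so
# the script is harmless on a host without firewalld.
bind_interface() {
    zone_name=$1
    iface=$2
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --permanent --zone="$zone_name" --add-interface="$iface"
        firewall-cmd --reload
        # Expect the zone name here, not "public" and not empty output.
        firewall-cmd --get-zone-of-interface="$iface"
    else
        echo "firewall-cmd not found; would bind $iface to zone $zone_name" >&2
    fi
}

main() {
    zone_dir=${ZONE_DIR:-/etc/firewalld/zones}
    f=$(install_zone "$zone_dir" dhcpserver 67/udp)
    echo "wrote $f opening $(count_ports "$f") port(s)"
    bind_interface dhcpserver eth1
}

if [ "${1:-}" = "install" ]; then
    main
fi
```

Two things to check after running it: `firewall-cmd --get-zone-of-interface=eth1` should now print `dhcpserver`, and the zone should contain nothing beyond what that interface actually needs, since once the interface leaves `public` the `public` zone's services (ssh, for instance) no longer apply to it. On later firewalld releases the file step can be replaced by `firewall-cmd --permanent --new-zone=dhcpserver` followed by `--add-port=67/udp`, which answers Scott's question about creating a zone without hand-writing XML; the file-based form above is kept because it works on any release and leaves a reviewable artifact.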