Upnp
by John Obaterspok
Hi,
I currently have to disable firewalld since my gupnp service needs to subscribe to UPnP events from different UPnP devices.
Last year an SSDP conntrack helper was added in conntrack-tools 1.4.3.
Has anything been done recently to allow using firewalld with UPnP? Any hints or workarounds to allow me to use it?
-- john
Sorted --list-all rich rules
by Peter van Heck
"firewall-cmd --zone=public --list-all" gives me a random list of all rich rules.
With over 100 rules it is hard to manage.
Is it possible to sort by IP and/or port?
Is it possible to list only a certain port, like all rich rules on port 22, sorted by IP?
firewalld-0.4.1.2
by Thomas Woerner
The new firewalld version 0.4.1.2 is available with enhancements, bug
fixes and speed-ups. There were no announcements for the versions
0.4.1 and 0.4.1.1 as some issues were discovered directly after the
release, which are now fixed.
The main changes of firewalld-0.4.1, firewalld-0.4.1.1 and
firewalld-0.4.1.2 are:
ipset handling enhancements
---------------------------
No cleanup of ipsets using timeouts while reloading.
Only destroy ipsets with the same name and a conflicting type or
conflicting options.
Use ipset types that are supported by the system.
Add and remove several ipset entries in one call using a file
-------------------------------------------------------------
The new options for firewall-cmd are --add-entries-from-file and
--remove-entries-from-file.
Reduced time frame where builtin chains are on policy DROP while reloading
--------------------------------------------------------------------------
All config files are read before the rule set is created. This is
good on slower machines and also reduces the possibility of packet
loss while reloading.
Command line interface support to get and alter descriptions
------------------------------------------------------------
The new options for firewall-cmd and firewall-offline-cmd are
--set-description, --get-description, --set-short and --get-short for zones,
services, ipsets and icmptypes.
Fixed logging in rich rule forward rules
----------------------------------------
Rework of import structures
---------------------------
Reduced calls to get ids for port and protocol names
----------------------------------------------------
NetworkManager module
---------------------
This module is used to get and set zones of connections, used in
firewall-applet and firewall-config.
Autodetection of backend tools in configure
--------------------------------------------
The {ip,ip6,eb}tables{,-restore} and ipset backend tools are discovered
in the build process so that the proper path is used automatically. The
"with" options for these tools in configure are still usable for overloading.
There are also several bug fixes and further code optimizations.
------------------------------------------------------------------------
The new firewalld version 0.4.1.2 is available here:
https://fedorahosted.org/released/firewalld/firewalld-0.4.1.2.tar.bz2
Also on github:
https://github.com/t-woerner/firewalld/releases/tag/v0.4.1.2
And in the github repository:
https://github.com/t-woerner/firewalld/
<https://github.com/t-woerner/firewalld/tree/v0.4.0>
SIPVicious attacks: Migration from iptables-extensions
by Benjamin Lefoul
Hi!
I have inherited a system using the following in order to prevent SIPVicious attacks:
iptables -I INPUT -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
iptables -I INPUT -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm -j DROP
Now that we are migrating to firewalld, I am not quite sure how to translate this into the firewalld semantics.
Do I have to use a rich rule with "protocol value="?
Any idea?
Thanks,
Benjamin Lefoul
nWISE AB
Firewalld not working properly on Centos7
by John Housty
Installed it with yum (yum install firewalld).
Ran "systemctl status firewalld", which says it's running. However, when I run "firewall-cmd --state" it says not running.
Also, if I do "firewall-cmd --get-default-zone", nothing shows up!
How can I resolve this? I already uninstalled and reinstalled with yum and the same thing happens.