Looking for a command to show the full state of the firewall
by Tim Hughes
I am trying to get a command that gives a complete listing of the firewall
state at a point in time.
Something like `iptables -L -v -n`.
I had started to write a script which loops over all the interfaces and
then all the zones and all the other objects and I got to 5 while loops
deep and thought that there must be a better way.
This is for two reasons: one, to be able to create a diff of any changes, and
the other, to be able to build a mental picture of the whole state for
debugging.
Tim Hughes <thughes@thegoldfish.org>
3 years, 1 month
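There is no single firewall-cmd switch that prints everything, but the whole state can be assembled from a handful of queries. The script below is an added example for this thread, not part of the original post and not firewalld's own tooling. It dumps the runtime view, the permanent (on-disk) view, which differs from runtime until the next --reload, and finally what the kernel actually enforces via nft, into one timestamped file so that two dumps can be diffed. The FIREWALL_CMD and NFT variables are assumptions that let the script be pointed at other binaries or stubs; the `--list-all-policies` queries exist only on firewalld 1.0 and later, so a failing query is reported inline instead of aborting the dump.

```bash
#!/bin/sh
# fw-state.sh: dump the complete firewalld state (runtime and permanent
# configuration plus the rule set loaded in the kernel) to one text file,
# so that two dumps can be diffed.
# Added example for this thread; not firewalld's own tooling.
# FIREWALL_CMD and NFT are assumed overridable (other binaries or stubs).
set -u

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
NFT="${NFT:-nft}"

# Print one labelled section; the arguments are firewall-cmd options.
# A query this firewalld version lacks (e.g. policies before 1.0) reports
# its error inline instead of aborting, so the dump stays complete.
section() {
    printf '### firewall-cmd %s\n' "$*"
    "$FIREWALL_CMD" "$@" 2>&1 || printf '(query failed: exit %s)\n' "$?"
    printf '\n'
}

# Everything firewall-cmd can tell us: runtime first, then the permanent
# (on-disk) configuration, then what the kernel actually enforces.
snapshot() {
    section --state
    section --get-default-zone
    section --get-log-denied
    section --get-active-zones
    section --list-all-zones
    section --get-ipsets
    section --direct --get-all-chains
    section --direct --get-all-rules
    section --direct --get-all-passthroughs
    section --list-all-policies                 # firewalld >= 1.0 only
    section --permanent --list-all-zones
    section --permanent --get-ipsets
    section --permanent --direct --get-all-chains
    section --permanent --direct --get-all-rules
    section --permanent --direct --get-all-passthroughs
    section --permanent --list-all-policies     # firewalld >= 1.0 only
    # nftables backend; with the iptables backend use iptables-save and
    # ip6tables-save here instead.
    printf '### %s list ruleset\n' "$NFT"
    "$NFT" list ruleset 2>&1 || printf '(query failed: exit %s)\n' "$?"
}

# Write a timestamped snapshot into DIR and print its path.
snapshot_to_file() {
    local dir="${1:-.}" file
    file="$dir/firewalld-$(date +%Y%m%d-%H%M%S).txt"
    snapshot > "$file"
    printf '%s\n' "$file"
}

# Diff the two newest snapshots in DIR; exit status 1 means something changed.
diff_latest() {
    local dir="${1:-.}"
    set -- $(ls "$dir"/firewalld-*.txt 2>/dev/null | tail -n 2)
    [ $# -eq 2 ] || { echo "need two snapshots in $dir" >&2; return 2; }
    diff -u "$1" "$2"
}

case "${1:-}" in
    show)     snapshot ;;
    snapshot) snapshot_to_file "${2:-.}" ;;
    diff)     diff_latest "${2:-.}" ;;
    "")       ;;   # no arguments: only define the functions (also when sourced)
    *)        echo "usage: $0 show | snapshot [DIR] | diff [DIR]" >&2 ;;
esac
```

Typical use is `fw-state.sh snapshot /var/lib/fw-snapshots` before and after a change, then `fw-state.sh diff /var/lib/fw-snapshots`; a non-zero exit from diff is the "something changed" signal for a cron job or a pre-commit check. Including the nft ruleset is what catches the cases where the permanent configuration and the running firewall have drifted apart.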
Useful rich rules.
by Jason Long
Hello,
How can I find a list of useful rich rules to protect my server?
Thank you.
3 years, 1 month
How to protect Apache from huge traffic?
by Jason Long
Hello,
A web server is under attack and Apache has huge traffic:
https://imgur.com/O33g3ql
I ran the command below to protect my server, but it doesn't work:
# firewall-cmd --permanent --zone="public" --add-rich-rule='rule port port="80" protocol="tcp" accept limit value="100/s" log prefix="HttpsLimit" level="warning" limit value="100/s"'
How can I use Firewalld to protect Apache? When I stop Apache service, then problem solved.
Thank you.
3 years, 2 months
A question about "direct.xml" file.
by Jason Long
Hello,
I removed all rich rules, but the "direct.xml" file has the lines below:
<rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --set</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j REJECT --reject-with tcp-reset</rule>
Why?
Could the lines below cause any connection to the server to be dropped?
<rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-j NFQUEUE --queue-bypass</rule>
<rule priority="0" table="filter" ipv="ipv4" chain="OUTPUT">-j NFQUEUE --queue-bypass</rule>
For example, I can't SSH to server.
Thank you.
3 years, 2 months
How to remove these rich rules?
by Jason Long
Hello,
I have the rich rules below and I want to remove the first one:
rich rules:
rule port port="80" protocol="tcp" log prefix="HttpsLimit" level="warning" limit value="100/s" accept limit value="100/s"
rule family="ipv4" source address="X.X.X.X" reject
How can I do it?
Thank you.
3 years, 2 months
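The three rich-rule and direct-rule questions above (the rate-limited HTTP rule, the leftover direct.xml entries, and removing one rich rule out of several) share one mechanic: firewall-cmd removes a rule only when the text you give it matches the rule it lists, so it is easier to pick the rule by number from the listing and hand the listed text back. The script below is an added example for this thread, not part of any of the posts and not firewalld's own tooling; ZONE, FIREWALL_CMD and the "HttpLimit" log prefix are assumptions. It also builds the rate-limited accept rule in the element order the rich language documents (matchers, then log with its own limit, then the action with its limit). Two caveats a practitioner should keep in mind: the rich-rule `limit` is one packet rate for the rule as a whole, not per client, whereas the `-m recent --seconds 60 --hitcount 30` direct rules in direct.xml count per source address; and an `accept limit` rule only caps what that rule accepts, so packets over the limit fall through to the rest of the zone and an `http` service entry in the same zone will still accept them.

```bash
#!/bin/sh
# rich-rules.sh: manage firewalld rich rules and direct rules by number so
# the exact rule text never has to be retyped (firewall-cmd only removes a
# rule whose text matches what it lists).
# Added example for this thread; not firewalld's own tooling. ZONE,
# FIREWALL_CMD and the log prefix are assumptions, overridable from the environment.
set -u

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Rate-limited accept for HTTP in the documented element order: matchers,
# then log with its own limit, then the action with its limit. Both limits
# are packet rates for the rule as a whole, not per client.
# $1 = log rate (e.g. 10/m), $2 = accept rate (e.g. 100/s).
http_limit_rule() {
    printf 'rule family="ipv4" port port="80" protocol="tcp" log prefix="HttpLimit" level="warning" limit value="%s" accept limit value="%s"' "$1" "$2"
}

add_http_limit_rule() {
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --add-rich-rule="$(http_limit_rule "$1" "$2")"
}

# Permanent rich rules of the zone, numbered as remove_rich_rule expects.
list_rich_rules() {
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --list-rich-rules | awk '{ print NR ": " $0 }'
}

# Remove rule number N from the listing above, passing its text back verbatim.
remove_rich_rule() {
    local n="$1" rule
    rule=$("$FIREWALL_CMD" --permanent --zone="$ZONE" --list-rich-rules | sed -n "${n}p")
    [ -n "$rule" ] || { echo "no rich rule #$n in zone $ZONE" >&2; return 1; }
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --remove-rich-rule="$rule"
}

# Same for direct rules (what direct.xml holds). --direct --get-all-rules
# prints each rule as "<ipv> <table> <chain> <priority> <args...>", which is
# exactly the argument order --remove-rule takes, so the listed line is
# split back into arguments.
list_direct_rules() {
    "$FIREWALL_CMD" --permanent --direct --get-all-rules | awk '{ print NR ": " $0 }'
}

remove_direct_rule() {
    local n="$1" line
    line=$("$FIREWALL_CMD" --permanent --direct --get-all-rules | sed -n "${n}p")
    [ -n "$line" ] || { echo "no direct rule #$n" >&2; return 1; }
    # Word splitting of $line is intended; rule arguments containing spaces
    # or quotes (e.g. -m comment --comment "a b") would need a different approach.
    "$FIREWALL_CMD" --permanent --direct --remove-rule $line
}

# Permanent changes only take effect after a reload.
apply() {
    "$FIREWALL_CMD" --reload
}

case "${1:-}" in
    list)           list_rich_rules ;;
    remove)         remove_rich_rule "${2:?rule number}" ;;
    list-direct)    list_direct_rules ;;
    remove-direct)  remove_direct_rule "${2:?rule number}" ;;
    add-http-limit) add_http_limit_rule "${2:-10/m}" "${3:-100/s}" ;;
    apply)          apply ;;
    "")             ;;   # no arguments: only define the functions
    *) echo "usage: $0 list | remove N | list-direct | remove-direct N | add-http-limit [LOGRATE] [ACCEPTRATE] | apply" >&2 ;;
esac
```

For the "remove the first one" case this is `rich-rules.sh list` to confirm the numbering, `rich-rules.sh remove 1`, then `rich-rules.sh apply`; the leftover direct.xml entries are handled the same way with `list-direct` and `remove-direct`. Because both removals operate on the permanent configuration, nothing changes in the running firewall until the reload, which is also why a rule can appear to survive a --remove-rich-rule that was issued without --permanent.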