On Wed, Jan 13, 2021 at 09:03:56AM +0000, Jason Long wrote:
> Thank you.
> I installed Suricata-IDS in IPS mode and those rules are needed. Thus, does a tool like
> Suricata-IDS make Firewalld useless?
I have no idea. I've never used or researched Suricata.
On Wednesday, January 13, 2021, 04:13:58 AM GMT+3:30, Eric Garver <egarver(a)redhat.com> wrote:
On Tue, Jan 12, 2021 at 10:51:58PM -0000, Jason Long wrote:
> Hello,
> I removed all rich rules, but "direct.xml" file has below lines:
>
> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --set</rule>
> <rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j REJECT --reject-with tcp-reset</rule>
>
> Why?
> Could below lines cause drop any connection to server?
Yes.
> <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-j NFQUEUE --queue-bypass</rule>
> <rule priority="0" table="filter" ipv="ipv4" chain="OUTPUT">-j NFQUEUE --queue-bypass</rule>
See the man page for iptables-extensions.
These two rules send the packet to a userspace application if one is
waiting for them. If there is no userspace socket open, then they behave
like "-j ACCEPT".
These rules also effectively render firewalld useless. I don't know
what you're trying to do, but maybe you should reconsider.
> For example, I can't SSH to server.
>
> Thank you.
> _______________________________________________
> firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
> To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...