On Thu, Feb 13, 2020 at 03:55:15AM -0000, Lmh Medchem wrote:
> Hello,
> I am setting up firewalld on CentOS 7 and am not yet familiar with the
> process for setting rules. I would like to blanket deny internet
> access for all applications and processes. I would then add specific
> whitelist access rules for a small number of applications that require
> access.

Out of the box, all connections are part of the "default" zone (usually
public zone). This allows the following incoming services: ssh,
dhcpv6-client. Everything else is blocked.

> Can someone point me to a write up on how to set up rules like this?

You can get a deny ALL by default by changing the default zone to
something like block or drop.

e.g.

    firewall-cmd --set-default-zone=block

Keep in mind this will block ALL traffic until you explicitly add
services/ports/etc. So you won't be able to ssh into the host. Best to
do it when physically sitting at the host.

Hope that helps.
Eric.
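
Added example, not part of the reply above and not firewalld's own code: one way to order the steps so that the services you still need are whitelisted in the block or drop zone before it becomes the default. The names run and lockdown and the DRY_RUN variable are assumptions made for this sketch; the firewall-cmd options are the standard ones, and ssh and dhcpv6-client are the services named above.

```shell
#!/bin/sh
# Switch firewalld to a deny-by-default zone without losing remote access.
# DRY_RUN=1 (the default, an assumption of this sketch) only prints the
# firewall-cmd calls; set DRY_RUN=0 and run as root to apply them.

run() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# lockdown ZONE [SERVICE...]
#   ZONE must be block (reject with an ICMP error) or drop (silent discard).
lockdown() {
    [ "$#" -ge 1 ] || { echo "usage: lockdown block|drop [service...]" >&2; return 2; }
    zone=$1
    shift
    case "$zone" in
        block|drop) ;;
        *) echo "zone must be block or drop, got: $zone" >&2; return 2 ;;
    esac

    # 1. Whitelist first, in the permanent configuration, so the allowed
    #    services survive a reload or reboot.
    for svc in "$@"; do
        run --permanent --zone="$zone" --add-service="$svc" || return 1
    done

    # 2. Load the permanent configuration into the running firewall.
    run --reload || return 1

    # 3. Only now make the restrictive zone the default. This option changes
    #    both the runtime and the permanent configuration.
    run --set-default-zone="$zone" || return 1

    # 4. Show the resulting zone so the whitelist can be checked by eye.
    run --zone="$zone" --list-all
}
```

Calling lockdown block ssh dhcpv6-client with DRY_RUN unset prints the plan; review it before running with DRY_RUN=0.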