11:06 a.m.
On my server firewalld is active as below:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h ago
Main PID: 16793 (firewalld)
CGroup: /system.slice/firewalld.service
└─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall daemon.
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
But still traffic from all other services like http, mysql are coming in. It is not
getting blocked. It is looking like firewalld has no effect at all.
Server detail:
==========
CentOS 7
kernel: 3.10.0-229.4.2.el7.x86_64
firewalld-0.3.9-14.el7.noarch
Kindly advise.
2:02 p.m.
On Fri, 2015-12-18 at 17:06 +0000, mail.mthakkar(a)gmail.com wrote:
But still traffic from all other services like http, mysql are coming
in. It is not getting blocked. It is looking like firewalld has no
effect at all.
Thats weird. What output do you get from `iptables -L -n` ? Since
firewalld modifies iptables, do you have a bunch of rules etc?
6:40 a.m.
Hello,
On 12/18/2015 06:06 PM, mail.mthakkar(a)gmail.com wrote:
On my server firewalld is active as below:
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h ago
Main PID: 16793 (firewalld)
CGroup: /system.slice/firewalld.service
└─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall daemon.
# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
But still traffic from all other services like http, mysql are coming in. It is not
getting blocked. It is looking like firewalld has no effect at all.
Server detail:
==========
CentOS 7
kernel: 3.10.0-229.4.2.el7.x86_64
firewalld-0.3.9-14.el7.noarch
Kindly advise.
_______________________________________________
firewalld-users mailing list
firewalld-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedoraho...
please attach the output of
1) iptables-save
2) ip6tables-save
3) firewall-cmd --list-all-zones
Do you have trusted sources or interfaces?
From where are you connecting to the services that are still accessible?
Are you using IPv4 and/or IPv6?
Regards,
Thomas
8:16 a.m.
Your OP shows that firewalld is disabled. see
https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/ for a nice
explanation. Try enabling it.
Amicalement,
Dave
--
Maple Park Development
Linux Systems Integration
1224 DuBois
St. Louis MO 63122-5518
USA
Tel : 01-314-941-2496
Fax :01-866-542-7647
http://www.maplepark.com/
mapleparkdevelopment(a)gmail.com
Ce message et les pièces jointes sont confidentiels et réservés à l'usage
exclusif de ses destinataires. Il peut également être protégé par le secret
professionnel. Si vous recevez ce message par erreur, merci d'en avertir
immédiatement l'expéditeur et de le détruire. L'intégrité du message ne
pouvant être assurée sur Internet, la responsabilité du groupe Parc de
l'érable ne pourra être recherchée quant au contenu de ce message. Bien que
les meilleurs efforts soient faits pour maintenir cette transmission
exempte de tout virus, l'expéditeur ne donne aucune garantie à cet égard et
sa responsabilité ne saurait être recherchée pour tout dommage résultant
d'un virus transmis.
On Tue, Dec 29, 2015 at 6:40 AM, Thomas Woerner <twoerner(a)redhat.com> wrote:
Hello,
On 12/18/2015 06:06 PM, mail.mthakkar(a)gmail.com wrote:
> On my server firewalld is active as below:
>
> # systemctl status firewalld
> firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
> Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h
> ago
> Main PID: 16793 (firewalld)
> CGroup: /system.slice/firewalld.service
> └─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork
> --nopid
>
> Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic
> firewall daemon...
> Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall
> daemon.
>
> # firewall-cmd --list-all
> public (default, active)
> interfaces: eth0
> sources:
> services: dhcpv6-client ssh
> ports:
> masquerade: no
> forward-ports:
> icmp-blocks:
> rich rules:
>
> But still traffic from all other services like http, mysql are coming in.
> It is not getting blocked. It is looking like firewalld has no effect at
> all.
>
> Server detail:
> ==========
> CentOS 7
> kernel: 3.10.0-229.4.2.el7.x86_64
> firewalld-0.3.9-14.el7.noarch
>
> Kindly advise.
> _______________________________________________
> firewalld-users mailing list
> firewalld-users(a)lists.fedorahosted.org
>
> https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedoraho...
>
please attach the output of
1) iptables-save
2) ip6tables-save
3) firewall-cmd --list-all-zones
Do you have trusted sources or interfaces?
From where are you connecting to the services that are still accessible?
Are you using IPv4 and/or IPv6?
Regards,
Thomas
_______________________________________________
firewalld-users mailing list
firewalld-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedoraho...
3039
days inactive
3050
days old
firewalld-users@lists.fedorahosted.org
3 comments
4 participants
participants (4)
-
David Forrest -
mail.mthakkar@gmail.com -
Nathanael D. Noblet -
Thomas Woerner