3:52 a.m.
Hello,
Is below configuration good for a LAMP server?
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ssh
ports: 80/tcp 443/tcp 990/tcp 40000-50000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
I want to configure Suricata-IDS as IPS mode but the Suricata-IDS document using iptables
:(, Can anyone here help me about this goal?
https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-fo...
Thank you.
8:56 a.m.
On Mon, Aug 24, 2020 at 08:52:34AM -0000, Jason Long wrote:
Hello,
Is below configuration good for a LAMP server?
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: ssh
ports: 80/tcp 443/tcp 990/tcp 40000-50000/tcp
Alternatively you can use a "service" for some of these:
80 --> http
443 --> https
# firewall-cmd --zone public --add-service http
# firewall-cmd --zone public --add-service https
I have no idea why you're opening 40000-50000.
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
I want to configure Suricata-IDS as IPS mode but the Suricata-IDS document using iptables
:(, Can anyone here help me about this goal?
https://suricata.readthedocs.io/en/suricata-5.0.3/setting-up-ipsinline-fo...
firewalld doesn't support NFQUEUE which seems required for Suricata.
You'd have to use a firewalld --direct rule to add the rule to iptables.
9:52 a.m.
Service vs port?
Port 80 is difference of http service?
How can I use "--direct" rule to convert that iptables to Firewalld?
10:28 a.m.
On Mon, Aug 24, 2020 at 02:52:22PM -0000, Jason Long wrote:
Service vs port?
Services are abstraction. They can contain one port, many ports, but
also things. They provide a user friendly way to open up firewall holes,
e.g. ssh, samba, mdns, etc.
Port 80 is difference of http service?
No.
How can I use "--direct" rule to convert that iptables to
Firewalld?
--direct allows firewalld to manage iptables rules. It's a way to let
the user add native iptables rules. firewalld doesn't have abstractions
for everything iptables supports.
You should read the documentation [1]. Seems like you're not familiar with
the basic firewalld concepts.
[1]: https://firewalld.org/documentation/
1326
days inactive
1335
days old
firewalld-users@lists.fedorahosted.org
5 comments
2 participants
participants (2)
-
Eric Garver -
Jason Long