On 10/06/2014 07:41 PM, Rufe Glick wrote:
> While skimming through this mailing list's archives I saw that this
> question was raised a couple of times. And last time in August of this
> year Jiri reiterated that "So far we don't handle outbound traffic in
> firewalld".
>
> So if I still need to limit outgoing traffic what is the best way to
> proceed? I could probably use the direct interface. But then I'll have
> to write a daemon that'll handle reload/reboot events of firewalld to
> re-add the rules. That sounds a bit complicated.

Did you know that 'direct' configuration can be stored in
/etc/firewalld/direct.xml? See the firewalld.direct man page.

Or you can use firewall-cmd, for example:

$ firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --sport 1234 -j DROP

Or perhaps I don't understand your use case.

> The only solution I see is to disable the firewalld service altogether
> and fall back to iptables service.
> Any other ideas?
>
> Also in my opinion a full value firewall solution has to have an
> ability to limit outgoing traffic. Are there plans to incorporate this
> functionality any time soon?
None that I know of.
--
Jiri
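As an added example (not part of the thread, and not shipped by the firewalld project), here is a complete default-deny outbound policy persisted in /etc/firewalld/direct.xml the way Jiri suggests. Because `firewall-cmd --permanent --direct --add-rule` writes into this same file and firewalld reloads it on start and on `--reload`, no extra daemon is needed to re-add the rules. Two details worth noting: Jiri's `--sport 1234` example matches the local source port, so to restrict which remote services a host may reach you match `--dport` as below; and the built-in OUTPUT policy remains ACCEPT, so the explicit final DROP is what enforces the policy. The allowed destination ports, the priority values and the log prefix are this example's own choices.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- /etc/firewalld/direct.xml : default-deny outbound policy (added example, not project code) -->
<direct>
  <!-- priority orders the rules within the OUTPUT chain: lower values are evaluated first -->

  <!-- loopback and replies belonging to connections already allowed -->
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-o lo -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</rule>

  <!-- new connections this host may open; these destination ports are this example's choice -->
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="10">-p udp -m udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="11">-p tcp -m tcp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="12">-p udp -m udp --dport 123 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="13">-p tcp -m multiport --dports 80,443 -j ACCEPT</rule>

  <!-- everything else: rate-limited log entry, then drop; highest priority value runs last -->
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="100">-m limit --limit 5/min -j LOG --log-prefix "OUTBOUND-DROP: "</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="101">-j DROP</rule>

  <!-- the same default-deny for IPv6, otherwise IPv6 becomes the bypass -->
  <rule ipv="ipv6" table="filter" chain="OUTPUT" priority="0">-o lo -j ACCEPT</rule>
  <rule ipv="ipv6" table="filter" chain="OUTPUT" priority="1">-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT</rule>
  <rule ipv="ipv6" table="filter" chain="OUTPUT" priority="10">-p icmpv6 -j ACCEPT</rule>
  <rule ipv="ipv6" table="filter" chain="OUTPUT" priority="101">-j DROP</rule>
</direct>
```

After `firewall-cmd --reload`, `firewall-cmd --direct --get-all-rules` should list every rule above in both address families; with the iptables backend the rules land in the OUTPUT_direct chain, which `iptables -S OUTPUT_direct` and `ip6tables -S OUTPUT_direct` show in evaluation order. Test the policy from the host before relying on it (for instance an outbound connection to a port not in the allow list should hang and produce an OUTBOUND-DROP log line), and remember that any service the host needs for updates, logging or time must be in the allow list before the final DROP.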