Thank you.
I installed Suricata-IDS in IPS mode and those rules are needed. Thus, does a tool like
Suricata-IDS make Firewalld useless?
On Wednesday, January 13, 2021, 04:13:58 AM GMT+3:30, Eric Garver
<egarver(a)redhat.com> wrote:
On Tue, Jan 12, 2021 at 10:51:58PM -0000, Jason Long wrote:
Hello,
I removed all rich rules, but "direct.xml" file has below lines:
<rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --set</rule>
<rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j REJECT --reject-with tcp-reset</rule>
Why?
Could the lines below cause any connection to the server to be dropped?
Yes.
<rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-j NFQUEUE --queue-bypass</rule>
<rule priority="0" table="filter" ipv="ipv4" chain="OUTPUT">-j NFQUEUE --queue-bypass</rule>
See the man page for iptables-extensions.
These two rules send the packet to a userspace application if one is
waiting for them. If there is no userspace socket open, then they behave
like "-j ACCEPT".
These rules also effectively render firewalld useless. I don't know
what you're trying to do, but maybe you should reconsider.
For example, I can't SSH to the server.
Thank you.
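A defender-side check for the problem discussed in this thread, added here as an example and not part of the mailing-list exchange: it parses a firewalld direct.xml and flags direct rules that carry no match criteria, so they apply to every packet in their chain before the zone rules are reached. The sample XML is constructed to mirror the rules quoted above; the rule-parsing heuristic and the flag list are this example's own assumptions, not firewalld's.

```python
import shlex
import xml.etree.ElementTree as ET

# Constructed sample, mirroring the direct.xml quoted in the thread.
DIRECT_XML = """<direct>
  <rule priority="0" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --set</rule>
  <rule priority="1" table="filter" ipv="ipv4" chain="INPUT_direct">-p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j REJECT --reject-with tcp-reset</rule>
  <rule priority="0" table="filter" ipv="ipv4" chain="INPUT">-j NFQUEUE --queue-bypass</rule>
  <rule priority="0" table="filter" ipv="ipv4" chain="OUTPUT">-j NFQUEUE --queue-bypass</rule>
</direct>
"""

# iptables options that narrow what a rule matches (assumed, not exhaustive).
MATCH_FLAGS = {"-p", "--protocol", "-s", "--source", "-d", "--destination",
               "-i", "--in-interface", "-o", "--out-interface",
               "-m", "--match", "--dport", "--sport"}


def analyse_rule(args_text):
    """Return (jump_target, has_match, queue_bypass) for one rule's argument string."""
    tokens = shlex.split(args_text)
    target, has_match = None, False
    for i, tok in enumerate(tokens):
        if tok in ("-j", "--jump") and i + 1 < len(tokens):
            target = tokens[i + 1]
        elif tok in MATCH_FLAGS or tok == "!":
            has_match = True
    # With --queue-bypass and no userspace listener, NFQUEUE acts like ACCEPT.
    queue_bypass = target == "NFQUEUE" and "--queue-bypass" in tokens
    return target, has_match, queue_bypass


def find_catch_all_rules(xml_text):
    """List (chain, priority, target, effect) for rules with a jump but no match criteria."""
    findings = []
    for rule in ET.fromstring(xml_text).findall("rule"):
        target, has_match, queue_bypass = analyse_rule(rule.text or "")
        if target is None or has_match:
            continue  # either no terminating action, or restricted to some traffic
        if target == "NFQUEUE":
            effect = "ACCEPT when no listener" if queue_bypass else "DROP when no listener"
        else:
            effect = target
        findings.append((rule.get("chain"), rule.get("priority"), target, effect))
    return findings


if __name__ == "__main__":
    for chain, prio, target, effect in find_catch_all_rules(DIRECT_XML):
        print(f"catch-all rule in {chain} (priority {prio}): -j {target}, effect: {effect}")
```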
_______________________________________________
firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org