On Fri, Oct 31, 2014 at 02:42:03AM +, Always Learning wrote:
> Assuming the IPtables firewall is logically designed, it is very easy to
> see exactly where you need to place the command. Your wish to delegate a
> simple placement to the software suggests you are not well familiar with
> the des
On Thu, October 30, 2014 12:14, Marko Vojinovic wrote:
>
>
> I have a feeling that it's just the case of lazy sysadmins who don't
> want to bother reading the man page for firewall-cmd. They seem to be
> the ones who are not informed. Moreover, the lockdown and panic options
> seem to be an improv
On Thu, October 30, 2014 9:42 pm, Always Learning wrote:
>
> On Thu, 2014-10-30 at 16:14 +, Marko Vojinovic wrote:
>
>> Sure, I do know how it works. :-) However, the iptables requires me to
>> think about it when specifying -I or -A every time I modify the rules.
>
> When I set-up a server, I
On 10/30/2014 7:42 PM, Always Learning wrote:
> Your wish to delegate a
> simple placement to the software suggests you are not well familiar with
> the design and construction of your IPtables firewall.
Get off your soapbox, it's not becoming.
--
john r pierce
On Thu, 2014-10-30 at 16:14 +, Marko Vojinovic wrote:
> Sure, I do know how it works. :-) However, the iptables requires me to
> think about it when specifying -I or -A every time I modify the rules.
When I set-up a server, I devise the rules and the sub-systems that
interface with IPtables
On Thu, 2014-10-30 at 10:34 -0400, Toby Bluhm wrote:
> On 10/30/2014 10:20 AM, Always Learning wrote:
> >
> > On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
> >
> >> On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
> >
> >>> iptables -I INPUT -p tcp --dport 80 -j ACCEPT
> >>>
> >>> and
>
On Thu, 2014-10-30 at 09:27 -0500, Valeri Galtsev wrote:
> On Thu, October 30, 2014 6:54 am, Johnny Hughes wrote:
> > You can turn off firewalld and use iptables if that is the desire. That
> > is what I have done on my test machines.
> At the moment this can be a solution. But one day this op
On Fri, 2014-10-31 at 01:25 +1100, Steve Walsh wrote:
> On 10/31/2014 01:20 AM, Always Learning wrote:
> > -R 4web 5 -p tcp --dport 888 -s 192.168.2.1/23 -j ACCEPT
> That will only work if you want to permit from source addresses in the
> 192.168.2.1 and 192.168.3.1 netblocks. I think you want
While I'm a long-time iptables user I will be the first to admit it is
terribly difficult to work with. If you are starting from scratch
firewall-cmd makes a lot of sense, just like realmd greatly simplifies
the bind process to Active Directory.
It's good to know the underpinnings, but the bottom
On Thu, 30 Oct 2014 14:04:32 +
Always Learning wrote:
>
> The order of rules in any IPtables table is pure common sense and very
> logical. Essentially, the first rule is the first action. The second
> rule is the second action etc.
Sure, I do know how it works. :-) However, the iptables req
On 10/30/2014 10:20 AM, Always Learning wrote:
> On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
>> On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
>>> iptables -I INPUT -p tcp --dport 80 -j ACCEPT
>>> and
>>> firewall-cmd --add-service=http
>> To do this in cmd line on Windows:
>> netsh advfir
On Thu, October 30, 2014 6:54 am, Johnny Hughes wrote:
> On 10/29/2014 11:01 PM, John R. Dennison wrote:
>> On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
>>>
>>> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>>>
>>> No reboot needed. 'table-name' can be INPUT or another use
On 10/31/2014 01:20 AM, Always Learning wrote:
> -R 4web 5 -p tcp --dport 888 -s 192.168.2.1/23 -j ACCEPT
That will only work if you want to permit from source addresses in the
192.168.2.1 and 192.168.3.1 netblocks. I think you want a -s 192.168.1.1/23
When I was first starting out in IT, I was
On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
> On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
> > iptables -I INPUT -p tcp --dport 80 -j ACCEPT
> >
> > and
> >
> > firewall-cmd --add-service=http
> To do this in cmd line on Windows:
>
> netsh advfirewall firewall add rule name=h
On Thu, 2014-10-30 at 12:38 +, Marko Vojinovic wrote:
> Incidentally, since I started using Linux I have always found iptables
> to have a very user-unfriendly syntax. Whenever I needed to tweak the
> firewall, I had to look up the man page for iptables, in order to make
> sure I don't screw
On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
> On Thu, 30 Oct 2014 03:56:58 +
> Always Learning wrote:
>> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>> No reboot needed. 'table-name' can be INPUT or another user defined
>> table name.
>> firewall-cmd with its Windoze-like structure and syntax i
On Thu, 30 Oct 2014 16:24:02 +1300
Peter wrote:
> On 10/30/2014 04:16 PM, Jason T. Slack-Moehrle wrote:
> > yes, so I just figured out. Thank you so much. Where does
> > `semanage` come from? I tried policycoreutils-python but it cannot
> > be found.
>
> It should be in policycoreutils-python.
On Thu, 30 Oct 2014 03:56:58 +
Always Learning wrote:
> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>
> No reboot needed. 'table-name' can be INPUT or another user defined
> table name.
>
> firewall-cmd with its Windoze-like structure and syntax is definitely
> unappealing to many no
On 10/29/2014 11:01 PM, John R. Dennison wrote:
> On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
>>
>> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>>
>> No reboot needed. 'table-name' can be INPUT or another user defined
>> table name.
>>
>> firewall-cmd with its Windoze-li
On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
>
> iptables -A table-name -p tcp --dport 80 -j ACCEPT
>
> No reboot needed. 'table-name' can be INPUT or another user defined
> table name.
>
> firewall-cmd with its Windoze-like structure and syntax is definitely
> unappealing to
On Wed, 2014-10-29 at 19:14 -0700, Jason T. Slack-Moehrle wrote:
> so I figured this out, I think:
>
> firewall-cmd --zone=public --add-port=2888/tcp --permanent
>
> but if it is a known service, you can use:
>
> firewall-cmd --zone=public --add-service=http --permanent
>
> and then reload the f
On 10/30/2014 04:16 PM, Jason T. Slack-Moehrle wrote:
> yes, so I just figured out. Thank you so much. Where does `semanage` come
> from? I tried policycoreutils-python but it cannot be found.
It should be in policycoreutils-python. Try:
yum provides \*bin/semanage
Peter
yes, so I just figured out. Thank you so much. Where does `semanage` come
from? I tried policycoreutils-python but it cannot be found.
On Wed, Oct 29, 2014 at 8:10 PM, Peter wrote:
> On 10/30/2014 03:41 PM, Jason T. Slack-Moehrle wrote:
> > Soo I changed my ssh port in sshd_config and did: syste
On 10/30/2014 03:41 PM, Jason T. Slack-Moehrle wrote:
> Soo I changed my ssh port in sshd_config and did: systemctl restart
> sshd.service.
...
> and I get a connection:refused.
selinux is set to only allow sshd to listen on port 22, you need to do
something like:
semanage port -a -t ssh_port_t -
Thanks Marko for the reply.
Soo I changed my ssh port in sshd_config and did: systemctl restart
sshd.service.
I then did:
firewall-cmd --add-port=port/tcp
firewall-cmd --permanent --add-port=port/tcp
firewall-cmd --reload
and for safety: systemctl restart firewalld
and I get a connection:refuse
so I figured this out, I think:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
but if it is a known service, you can use:
firewall-cmd --zone=public --add-service=http --permanent
and then reload the firewall
firewall-cmd --reload
On Wed, Oct 29, 2014 at 5:50 PM, Jason T. Slack-Moeh
On Wed, 29 Oct 2014 17:50:54 -0700
"Jason T. Slack-Moehrle" wrote:
> I tried to install CentOS 7 on a new system. It works.
>
> However, I'm noticing small things:
> 1. system-config-network-tui is not installed and yum cannot find it.
> I realized for this -- nmtui
>
> What about firewall? I c
27 matches