Same here, I didn't monkey with the firewall since the days of iptables,
where I had my rules in a file that I'd load up in iptables. I would drop
everything by default and only poke holes for things that I needed. Now we
have zones and policies and stuff and I have to read an entire treatise on
On Wed, 2023-06-21 at 16:26 +, Amadeus WM via users wrote:
> I tried to add the rule in the running firewalld, i.e. without the
> --permanent option and I can still connect to the darn thing. I wonder if it
> has something to do with the order in which the rules or the tables are
> being pro
Oh, I see, that's very useful to know.
But if I do add a rule to iptables, then that should get translated into
an nft rule? And should be honored? Because the rule I put in firewalld
does show up as an nft rule, but doesn't block anything.
On Mon, 19 Jun 2023 10:20:02 -0400, Jonathan Billing
I tried to add the rule in the running firewalld, i.e. without the
--permanent option and I can still connect to the darn thing. I wonder if it
has something to do with the order in which the rules or the tables are
being processed.
firewall-cmd --add-rich-rule="rule family='ipv4' protocol val
Tim:
>> We're more used to controls doing something immediately. This is more
>> akin to editing a configuration file, then restarting the service.
Chris Adams:
> When you think about changing firewall rules, especially on a remote
> system, it makes sense - you may need to batch up changes and a
Once upon a time, Tim said:
> We're more used to controls doing something immediately. This is more
> akin to editing a configuration file, then restarting the service.
When you think about changing firewall rules, especially on a remote
system, it makes sense - you may need to batch up changes
On Mon, 2023-06-19 at 13:07 -0500, Chris Adams wrote:
> One quirk of firewall-cmd is that there are two distinct modes - one that
> operates on the stored configuration (with --permanent) and one that
> operates on the running config (without --permanent).
While the logic of the above makes sense
On 6/19/23 11:07, Chris Adams wrote:
Once upon a time, Amadeus WM said:
2. The command that I tried
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="tcp" destination address='aa.bb.0.0/16' reject"
One quirk of firewall-cmd is that there are two distinct modes - one
Once upon a time, Amadeus WM said:
> 2. The command that I tried
>
> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
> value="tcp" destination address='aa.bb.0.0/16' reject"
One quirk of firewall-cmd is that there are two distinct modes - one that
operates on the stored con
On Jun 19, 2023, at 12:20, Barry wrote:
>
> That is configurable. It defaults to the nftables backend on new installs.
> I force it to iptables because I force in an iptables rule in my setup.
>
> In the kernel iptables is implemented by a compatibility layer by nftables I
> think.
Regardless
> On 19 Jun 2023, at 13:27, Amadeus WM via users
> wrote:
>
> Under the hood, by default, firewalld uses the newer nftables instead of
> iptables. I don't know how these two interact, if anything maybe we should
> do this in nftables.
That is configurable. It defaults to the nftables backen
On Jun 19, 2023, at 09:08, Amadeus WM via users
wrote:
>
> So after digging a bit more into this,
>
> firewall-cmd --get-active-zone
> FedoraWorkstation
> interfaces: enp8s0
> docker
> interfaces: docker0
>
> firewall-cmd --get-default-zone
> FedoraWorkstation
>
>
> firewall-cmd --permane
So after digging a bit more into this,
firewall-cmd --get-active-zone
FedoraWorkstation
interfaces: enp8s0
docker
interfaces: docker0
firewall-cmd --get-default-zone
FedoraWorkstation
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="tcp" destination address='aa.
Sure, like I said, it can be done with iptables. But:
1. Why do we have firewalld then? It seems to me that such a trivial thing
should be configurable with firewalld.
2. The command that I tried
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="tcp" destination addr
> On 18 Jun 2023, at 23:26, Mike Wright wrote:
>
> How about bypassing firewalld and using iptables directly to add a rule to
> the kernel?
Does firewalld not remove that rule or otherwise make this unreliable?
On 6/18/23 11:15, Amadeus WM via users wrote:
Say I want to drop/reject outgoing connections to a particular destination
address (for parental control). How would I do this with firewalld?
How about bypassing firewalld and using iptables directly to add a rule
to the kernel?
iptables -A OUTP
On Sun, Jun 18, 2023 at 2:15 PM Amadeus WM via users
wrote:
>
> Say I want to drop/reject outgoing connections to a particular destination
> address (for parental control). How would I do this with firewalld?
I can't address using firewalld, but I think you could get basically
the same result by
Say I want to drop/reject outgoing connections to a particular destination
address (for parental control). How would I do this with firewalld?
I tried
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' protocol
value="tcp" destination address='aa.bb.0.0/16' reject"
firewall-cmd --r
On 02/14/2013 09:52 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
On 14/02/13 09:55, Thomas Woerner wrote:
However now after restarting Firewalld Tkremind accesses the server and
works normally. Something appears to have changed as a result of
stopping and starting firewalld? Can I expect it to c
On 14/02/13 09:55, Thomas Woerner wrote:
However now after restarting Firewalld Tkremind accesses the server and
works normally. Something appears to have changed as a result of
stopping and starting firewalld? Can I expect it to continue to work
after the next reboot?
Do you know if tkremind is
On 02/12/2013 09:59 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
I've been checking everything to determine why my calendar program
Tkremind would connect to one server but not the other in this F-18
computer. The problem was only with Tkremind, Libreoffice, and Notecase
worked normally.
I just
On Tue, Feb 12, 2013 at 04:13:56PM -0500, Bob Goodwin - Zuni, Virginia, USA
wrote:
> Aha, it's already there in the Settings menu. I didn't notice that
> before. Using it however is not very intuitive for me. That will
> take some research.
Please file any bugs you find, including documentation a
On 12/02/13 16:03, Patrick O'Callaghan wrote:
For more control over firewalld:
yum install firewall-config
poc
Aha, it's already there in the Settings menu. I didn't notice that
before. Using it however is not very intuitive for me. That will take
some research.
Thanks,
Bob
--
http://www
On Tue, 2013-02-12 at 15:59 -0500, Bob Goodwin - Zuni, Virginia, USA
wrote:
> I've been checking everything to determine why my calendar program
> Tkremind would connect to one server but not the other in this F-18
> computer. The problem was only with Tkremind, Libreoffice, and Notecase
> worke
I've been checking everything to determine why my calendar program
Tkremind would connect to one server but not the other in this F-18
computer. The problem was only with Tkremind, Libreoffice, and Notecase
worked normally.
I just did service firewalld status, stop, and start since I had onl
25 matches