firewalld – enable logging

firewalld by default does not log packets that it drops. In some cases you need to find out whether a particular packet is being dropped or not. To do so, enable logging of denied packets with the following command:

sudo firewall-cmd --set-log-denied=all

This enables logging of all denied packets and helps you figure out whether firewalld is the one dropping your packet.
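The denied-packet entries land in the kernel log (`journalctl -k` or `dmesg`) in the standard netfilter LOG format (`IN= OUT= SRC= DST= PROTO= SPT= DPT=`). The following shell snippet is an added example, not part of the original post: it summarises such lines by protocol and destination port so you can see at a glance whether the packet you care about is among the denied ones. The log lines are constructed samples; the `FINAL_REJECT:` and `STATE_INVALID_DROP:` prefixes are assumed to match the ones firewalld's log-denied rules use.

```shell
#!/bin/sh
# Constructed sample kernel-log lines in netfilter LOG format, as produced
# after `firewall-cmd --set-log-denied=all` (not a real capture).
SAMPLE_LOG='kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=8080 SYN URGP=0
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.20 LEN=60 TTL=64 PROTO=TCP SPT=51001 DPT=8080 SYN URGP=0
kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 LEN=48 TTL=64 PROTO=UDP SPT=40000 DPT=177 LEN=28
kernel: STATE_INVALID_DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.20 LEN=40 TTL=57 PROTO=TCP SPT=443 DPT=51002 ACK URGP=0'

# denied_summary: read log lines on stdin and print one line per
# (protocol, destination port) pair as "<count> <PROTO> DPT=<port>",
# most frequent first. Fields are parsed by name, not by position,
# because the LOG format omits fields depending on protocol/flags.
denied_summary() {
  awk '
    /PROTO=/ {
      proto = ""; dpt = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (proto != "") count[proto " DPT=" dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# denied_count_for_port PROTO PORT: read log lines on stdin and print how
# many denied packets were headed for that protocol/port (0 if none), e.g.
# `journalctl -k | denied_count_for_port TCP 8080` on a real system.
denied_count_for_port() {
  awk -v proto="$1" -v port="$2" '
    /PROTO=/ {
      p = ""; d = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^PROTO=/) p = substr($i, 7)
        if ($i ~ /^DPT=/)   d = substr($i, 5)
      }
      if (p == proto && d == port) n++
    }
    END { print n + 0 }'
}

# Run against the constructed sample so the script does something stand-alone.
printf '%s\n' "$SAMPLE_LOG" | denied_summary
printf 'denied TCP/8080: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | denied_count_for_port TCP 8080)"
```

A count of zero for your port while the packet still never arrives points away from firewalld and towards routing, the service itself, or another filter on the path.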

configure firewall – the easy way.

It is good practice to keep iptables/firewall enabled. But configuring it is difficult, don't you agree? Not any more 🙂

Install firewall-config

sudo yum install firewall-config

This installs a GUI application, which you can launch as the “Firewall” application from the dash or by running “firewall-config” in a terminal. The tool is pretty straightforward to use, even if you don’t have much knowledge of firewalls/iptables.


Allow incoming/outgoing ports on iptables

[Image: Schematic for the packet flow paths through Linux networking and Xtables (Photo credit: Wikipedia)]

For the last couple of years I just used to disable iptables on my system; this time I decided not to disable it and to keep it enabled.

So far so good; now comes the tricky part. I have an HTTP server enabled on my system, and since this is on a local network with a firewall and other security already in place, I can allow all incoming traffic to my system, and similarly I need to enable outgoing XDMCP. So, I can add the rules like this:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 -d 0/0 --dport 177 -j ACCEPT   # XDMCP

This works only until I reboot my system and is not persistent. Okay, so I could put this in the rc.local file. But why should I do that? There should be a more elegant way. So I searched and finally found that I can simply put the rules in /etc/sysconfig/iptables as follows:

-A INPUT -p tcp --dport 22 -j ACCEPT
# XDMCP
-A OUTPUT -p udp -s 0/0 -d 0/0 --dport 177 -j ACCEPT