Questions tagged [firewalld]
Firewalld is an open source firewall solution available on several Linux distributions. Firewalld uses D-Bus for monitoring and dynamic management.
69 questions
1 vote, 1 answer, 122 views
Firewalld cuts the maximum download speed
I have set up a Linux router with a Celeron J1900 processor, installed Arch Linux and firewalld. Connection to the ISP is via PPPoE.
Firewalld is reducing maximum download speed, upload looks good:
When I ...
0 votes, 0 answers, 80 views
Docker container to container not working with firewalld enabled
I have managed to pinpoint the culprit to firewalld after I blindly updated my home lab system (I know...), but I cannot understand what's wrong here.
I can reproduce it by issuing the following ...
1 vote, 1 answer, 365 views
Firewalld port redirect to rootless podman container
I'm having a podman container running rootless on port 8080 and 8443. But I want to have access to them on port 80 and 443.
This is working quite well with firewalld and this command:
firewall-cmd \
...
1 vote, 1 answer, 284 views
How can I setup FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
0 votes, 0 answers, 96 views
Use firewalld to block some docker Application
I have a virtual machine (libvirt) running Docker and some applications on it. Some applications should not be accessed from the host system, but they need to be accessed from the Docker host. So I tried ...
0 votes, 2 answers, 255 views
How to Block File Manager Application from Connecting to SFTP Server
Operating System : CentOS Linux 7 (Core)
File Manager : Thunar 1.6.16
Trying to achieve : Users should not copy files to other servers via SFTP. But the blocking mechanism should not block users ...
0 votes, 0 answers, 53 views
ssh key and firewall blocked zone
I added an ssh key from servera to serverb
[production5@servera ~]$ ssh-copy-id production5@serverb
and I added servera to the blocked firewalld zone on serverb.
firewall-cmd --add-source=172.25.250.10/32 \...
0 votes, 0 answers, 275 views
Peers can connect to VPN server but not between themselves (Packet filtered)
I'm new to the VPN topic and routing in general, and wanted to learn new things while setting up WireGuard. However, I'm facing an issue that I haven't been able to resolve for some time.
As in title: Peers can connect ...
0 votes, 1 answer, 277 views
Firewalld forwarding whole subnet
I have a network that looks like this:
MyPC:
eth0 10.208.65.80/18
Machine A (Linux, Running a WebServer)
eth0 10.208.65.101/18
eth1 192.168.2.1/24
firewalld zones:
sudo firewall-cmd --list-all-zones
...
0 votes, 1 answer, 1k views
How does firewalld "ingress" and "egress" work compared to the 'classic' way of masquerading IPs?
I'm currently on the second iteration of a home router I built myself.
On the 'original' build, I essentially wrapped the 'standard' commands in firewalld rich rules
On V1
firewall-cmd --direct --add-...
1 vote, 0 answers, 791 views
How can I create a firewalld rule that allows SSH connections only from a specific IP address?
I am not a system engineer or a network expert (I am more of a software developer) and I have the following problem to solve related to the IPTABLES firewall.
I have n Linux machines that must ...
1 vote, 0 answers, 458 views
Stuck on converting firewalld direct rule syntax to rich rule syntax
I've been googling around to try to translate an iptables script I use for some wireguard rules into native firewalld rules, since all the docs I've been reading about iptables indicate that:
...
2 votes, 0 answers, 52 views
firewalld Zone "trusted" Drops about 15% of Frames that are Passed by Zone "public"
Background
I have two lab machines, which I'll refer to as A and B, running RHEL 8.0.
I SSH into A and B from my Windows desktop over a 1 GbE link, whose network interface I'll refer to as eth0.
A and ...
0 votes, 1 answer, 1k views
Adding a firewalld service closes the required port instead of opening it
I have a fresh install of Rocky Linux 9 on a Linode Shared CPU instance. I just installed firewalld to get it set up. By default it has the http and ssh services enabled.
Doing an nmap scan at this ...
0 votes, 1 answer, 434 views
firewalld at Almalinux 9 does not apply other zones when 'sources' is specified and matched
I'm migrating from Almalinux 8 (RedHat 8) to Almalinux 9 (RedHat 9) and have got strange behaviour from firewalld.
Here is the configuration I have (as listed by firewall-cmd --list-all-zones):
public (...
1 vote, 1 answer, 591 views
Firewalld DNAT Subnet translation
I want to translate subnets using firewalld.
I have an Ethernet interface that should translate incoming packets targeting
192.168.1.0/24 to 192.168.178.0/24.
My home network is 192.168.8.0/24
I ...
2 votes, 1 answer, 2k views
firewalld: forward traffic as a wireguard VPN gateway
I have set up a Pi running Pi OS 11 as a VPN gateway for my local network using WireGuard & nftables; that all works fine.
However, I wish to switch over to firewalld to be compatible with docker ...
1 vote, 0 answers, 746 views
Firewalld open all ports except one
With firewalld, I am trying to allow all ports except one for everyone, as that port must be enabled for a specific host, and I have tried the following:
firewall-cmd --permanent --zone=public --add-...
1 vote, 0 answers, 48 views
Is it possible to use iptables ipset together with firewalld?
Currently, I am using firewalld and now I need to use iptables ipset, so I was wondering if I can use iptables ipset alongside firewalld and, if I can, how I should be doing that.
0 votes, 1 answer, 2k views
Port for forwarding DNS queries to OpenDNS
I'm trying to configure DNS forwarders in domain controllers to OpenDNS. DNS forwarders are configured but the requests are not getting redirected via OpenDNS. I've allowed TCP port 53 to openDNS IPs ...
0 votes, 0 answers, 521 views
Firewalld, opening all subnet for zone
Another question about firewalld, I need someone to explain this to me in simple words, because I read countless posts and I don't know what's happening here.
I've enabled the home zone in ...
0 votes, 1 answer, 762 views
Docker: expose a port with advanced firewall rules
I'm using docker-compose to deploy my app.
I want to access the deployment database from my development machine.
Is there a way to expose a port with a source IP address limit? Like what happens in ...
3 votes, 1 answer, 2k views
firewalld rich rules don't drop incoming traffic (CentOS 8 behind a NAT)
Post-Solving Edit
The reason this was so hard to solve at the firewall level was that it wasn't a firewall problem. Something @tom-yan said in chat made me revisit the script which pulls out the IP ...
2 votes, 0 answers, 229 views
Fedora unable to mount NFS due to firewalld
I am trying to create an NFS share between my host and a guest VM (run with qemu-kvm).
I followed this guide and this is the situation:
host:
cat /etc/exports
/mnt/nfsshare 192.168.122.76/24(rw,sync,...
1 vote, 0 answers, 647 views
How to configure firewalld, port-forward to a specific VM:port and permit the VM to reach external hosts
I have a KVM/libvirt environment as follows.
em1(external)
|
bridge0
/ | \
VM1 VM2 VM3
I hope to access VM1 (192.168.122.103) on port 9091 from outside with the following.
# firewall-cmd -...
0 votes, 0 answers, 830 views
How can I stop firewalld from interrupting an existing outgoing ssh exec session when it is started or restarted?
I have a java program running on a Centos7 server that continuously "tails" a file on another Centos7 server using the JSch library to run an ssh exec process to run a shell script on the ...
2 votes, 0 answers, 201 views
Fedora 33 as wireless router to the internet: stations are always isolated, cannot ping/connect between devices on the wireless lan
Wifi adapter : Asus PCE-AC88
Running on the router : Fedora 33, firewalld, hostapd (built from master), dnsmasq
Routing to the internet works great, all stations are routed to the WAN provided by my ...
2 votes, 2 answers, 3k views
How to get an IP address blocked with firewall-cmd with immediate effect?
To replicate the problem have two different servers with their own IP addresses. Now start pinging one of them from the second one, and while still pinging block the first server's IP on the second ...
1 vote, 1 answer, 1k views
How can I fix IPv6 not forwarding traffic correctly between interfaces?
I have two OpenSUSE servers, one with IPv6 and IPv4 while the other only has IPv4 capabilities. The two of them are connected with OpenVPN and can communicate using IPv6 through the tunnel just fine.
...
0 votes, 1 answer, 2k views
CentOS 8.1: Forwarding OpenVPN Clients to LAN without NAT
So there's an OpenVPN Server with multiple clients, which I successfully divided into multiple subnets.
10.0.30.0/26 for generic clients which are only allowed to communicate with the OpenVPN Server ...
1 vote, 1 answer, 781 views
Firewalld: allow only certain source and destination port pairs
I am using firewalld to configure my firewall. I tried to create a service that allows a specific pair of source and destination ports:
<?xml version="1.0" encoding="utf-8"?>
<service>
&...
0 votes, 1 answer, 656 views
How can I block (ssh) traffic from source ports other than a pre-defined one?
A VPS gets lots of ssh attacks. Those attacks come from various source ports:
sshd[76661]: Invalid user ts3server from 76.103.161.19 port 33062
sshd[76661]: Received disconnect from 76.103.161.19 port 33062:...
0 votes, 1 answer, 571 views
/var/log/firewalld is not getting rotated
I am not sure why this particular file is not getting rotated. It is not a directory. Any ideas?
The size of the firewalld file:
$ ls -alh /var/log
-rw-r--r--. 1 root root 134M Jan 31 13:49 ...
0 votes, 1 answer, 2k views
I can send E-Mails but not receive E-Mails | CentOS - Docker - poste.io
I run a server on CentOS 7 with FirewallD; on there I run Docker with the Poste.io mail server (SQLite, Dovecot, NGiNX, Haraka, RSPAMD, ClamAV, Roundcube, Z-Push).
So my problem is I can't receive E-...
0 votes, 1 answer, 1k views
Trouble using SCP command
After successfully establishing an ssh connection between two Ubuntu systems via
ssh [email protected] from a local machine with user name chh2
I tried copying a file from my server with the ...
0 votes, 1 answer, 554 views
CentOS 7 - Load settings for iptables at OS startup
I would like to load the settings below for iptables on CentOS 7 at OS startup using a bash script.
How can I do this?
#!/bin/bash
iptables -I OUTPUT -d 0.0.0.0/0 -j ACCEPT
iptables -I FORWARD -d 0....
7 votes, 2 answers, 13k views
firewall-cmd - add-forward-port doesn't work
I have a KVM server (host) with multiple virtual machines (guests).
My goal is for my host to forward port 222 to port 22 of a guest running an ssh service.
This works...
iptables -I OUTPUT -d 0.0.0.0/0 -...
1 vote, 0 answers, 383 views
Routing Issue Between Interfaces under CentOS7/Firewalld
I use a Linux PC as my Internet gateway; it's running a fresh installation of CentOS 7 x64. I have one subnet (192.168.2.0/24) which is my regular Home network, and I have a second, separate subnet (...
0 votes, 1 answer, 628 views
firewalld - change destination of outgoing http and https requests from local process
I have a process that listens for incoming port 80 and 443 traffic and then sends it out to an extranet recipient. It's a proxy but I don't want to use that term because I need to send ITS outgoing ...
1 vote, 1 answer, 951 views
Blacklist a list of IPs from a file on CentOS 7.5
I have to deny access from a set of IPs from a specific country and downloaded the list from the http://www.ipdeny.com/ site.
I tried to block this set using
firewall-cmd --permanent --ipset=blacklist --...
0 votes, 1 answer, 2k views
Linux - FirewallD - Why is ping blocked?
I know that the drop zone (my default zone) in FirewallD blocks all incoming traffic, including ICMP, so ping too.
The FedoraWorkstation zone does not block ICMP.
But where can I see this? If I apply ...
1 vote, 1 answer, 720 views
How to route one subnet to another using firewalld on CentOS 7
I have a CentOS 7 system, with a VPN host and one physical network interface.
I have my physical network interface assigned to public zone, while my VPN requests are going through trusted. Also, I ...
9 votes, 1 answer, 19k views
How can I configure firewalld to block all outgoing traffic except for specific ports while allowing localhost to access any of its own local ports?
I started out with this:
# First, allow outbound traffic for all allowed inbound traffic
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow ...
2 votes, 1 answer, 4k views
Whitelist websites for specific user on linux?
Due to a child protection and safeguarding issue, I want to set up a restricted or limited account for a tech-savvy teenager to use. I would like to whitelist only specific websites (e.g. iPlayer and ...
1 vote, 2 answers, 2k views
Can I block internet access of a single app with firewalld?
Is it possible to prevent a single app from accessing the internet with firewalld?
To be precise, I have an application packaged as an AppImage, currently installed in my home directory, and I want it to ...
0 votes, 1 answer, 1k views
How to make UFW work with firewalld on CentOS 7?
I've installed UFW on a fresh CentOS 7 installation, but it doesn't open the ports. I'm configuring UFW as I would on a Debian system:
sudo ufw default deny incoming
sudo ufw default allow outgoing
...
3 votes, 1 answer, 2k views
Setting up rules in firewalld to allow clients in the same VPN subnet to communicate
I am trying to set up a WireGuard VPN on a Fedora server. I have it up and running and can connect with multiple clients, browse through it, ssh into the server, etc. In general it just works. Except ...
3 votes, 0 answers, 2k views
Docker container can't make DNS queries with FirewallD running
While FirewallD is running, all DNS queries fail and are blocked by the firewall. Running tcpdump -i docker0 while running ping google.com in a container shows me
21:27:02.683342 IP 172.17.0.2.35118 &...
0 votes, 1 answer, 163 views
New Linux install, can't get ssh or http connections working, connections are made but drop?
So, I / we have a brand new Fedora Core 28 installation we've been trying to bring online. The installation went perfectly as far as we could tell. It has two network cards, one for an internal net, one ...
2 votes, 1 answer, 14k views
firewall-cmd configure destination NAT
I am trying to configure destination NAT on a RHEL 7.4 server. I want any traffic destined for 10.10.10.10:443 to go to 10.20.20.20:443.
After some Googling I used following direct rule:
firewall-...