All Questions
Tagged with firewalld networking
23 questions
1 vote, 1 answer, 284 views
How can I set up FIREWALLD with IPSEC (StrongSwan) Site-to-Site to make PING work on Debian 12?
I have 3 nodes with public and local IP address, each:
Node A: edge router #1 (10.41.1.0/24)
Node B: edge router #2 (10.48.2.0/24)
Node C: VMS with Debian 12, docker containers and firewalld (ex. 172....
0 votes, 1 answer, 1k views
How does firewalld "ingress" and "egress" work compared to the 'classic' way of masquerading IPs?
I'm currently on the second iteration of a home router I built myself.
On the 'original' build, I essentially wrapped the 'standard' commands in firewalld rich rules
On V1
firewall-cmd --direct --add-...
1 vote, 0 answers, 791 views
How can I create a firewalld rule that allow SSH connection only from a specific IP address?
I am not a system engineer or a network expert (I am more a software developer) and I have the following problem that I have to solve related to the IPTABLES firewall.
I have n Linux machines that must ...
2 votes, 0 answers, 52 views
firewalld Zone "trusted" Drops about 15% of Frames that are Passed by Zone "public"
Background
I have two lab machines, which I'll refer to as A and B, running RHEL 8.0.
I SSH into A and B from my Windows desktop over a 1 GbE link, whose network interface I'll refer to as eth0.
A and ...
0 votes, 1 answer, 1k views
Adding a firewalld service closes the required port instead of opening it
I have a fresh install of Rocky Linux 9 on a Linode Shared CPU instance. I just installed firewalld to get it set up. By default it has the http and ssh services enabled.
Doing an nmap scan at this ...
1 vote, 1 answer, 591 views
Firewalld DNAT Subnet translation
I want to translate subnets using firewalld.
I have an Ethernet interface that should translate incoming packets targeting
192.168.1.0/24 to 192.168.178.0/24.
My home network is 192.168.8.0/24
I ...
0 votes, 0 answers, 521 views
Firewalld, opening all subnet for zone
Another question about firewalld, I need someone to explain this to me in simple words, because I read countless posts and I don't know what's happening here.
I've enabled the home zone in ...
3 votes, 1 answer, 2k views
firewalld rich rules don't drop incoming traffic (CentOS 8 behind a NAT)
Post-Solving Edit
The reason this was so hard to solve at the firewall level was that it wasn't a firewall problem. Something @tom-yan said in chat made me revisit the script which pulls out the IP ...
2 votes, 0 answers, 229 views
Fedora unable to mount nfs due to firewalld
I am trying to create a nfs to share between my host and guest VM (run with qemu-kvm).
I followed this guide and this is the situation:
host:
cat /etc/exports
/mnt/nfsshare 192.168.122.76/24(rw,sync,...
2 votes, 0 answers, 201 views
Fedora 33 as wireless router to the internet: stations are always isolated, cannot ping/connect between devices on the wireless lan
Wifi adapter : Asus PCE-AC88
Running on the router : Fedora 33, firewalld, hostapd (built from master), dnsmasq
Routing to the internet works great, all stations are routed to the WAN provided by my ...
1 vote, 1 answer, 1k views
How can I fix IPv6 not forwarding traffic correctly between interfaces?
I have two OpenSUSE servers, one with IPv6 and IPv4 while the other only has IPv4 capabilities. The two of them are connected with OpenVPN and can communicate using IPv6 through the tunnel just fine.
...
1 vote, 0 answers, 383 views
Routing Issue Between Interfaces under CentOS7/Firewalld
I use a Linux PC as my Internet gateway; it's running a fresh installation of CentOS 7 x64. I have one subnet (192.168.2.0/24) which is my regular Home network, and I have a second, separate subnet (...
0 votes, 1 answer, 2k views
Linux - FirewallD - Why is ping blocked?
I know that the drop zone (my default zone) in FirewallD blocks all incoming traffic, including icmp, so also ping.
The FedoraWorkstation zone, does not block icmp.
But where can I see this? If apply ...
1 vote, 1 answer, 721 views
How to route one subnet to another using firewalld CentOS 7
I have a CentOS 7 system, with a VPN host and one physical network interface.
I have my physical network interface assigned to public zone, while my VPN requests are going through trusted. Also, I ...
2 votes, 1 answer, 4k views
Whitelist websites for specific user on linux?
Due to a child protection and safeguarding issue, I want to set up a restricted or limited account for a tech-savvy teenager to use. I would like to whitelist only specific websites (e.g. iPlayer and ...
1 vote, 2 answers, 2k views
Can I block internet access of a single app with firewalld?
Is it possible to prevent a single app from accessing the internet with firewalld?
To be precise, I have an application packaged as an AppImage, currently installed in my Home directory, and I want it to ...
3 votes, 0 answers, 2k views
Docker container can't make DNS queries with FirewallD running
While FirewallD is running, all DNS queries fail and are blocked by the firewall. Running tcpdump -i docker0 while running ping google.com in a container shows me
21:27:02.683342 IP 172.17.0.2.35118 &...
0 votes, 1 answer, 163 views
New Linux install, can't get ssh or http connections working, connections are made but drop?
So, I / we have brand new Fedora Core 28 installation we've been trying to bring online. The installation went perfectly so far as we could tell. It has two network cards, one for an internal net, one ...
1 vote, 1 answer, 837 views
firewalld and localhost address translation
I have a server with red hat 7.1 which has two ip addresses, a public one available on internet on interface bond1 and a private one on the corporate lan on interface bond0.
I have apache 2.4 ...
3 votes, 1 answer, 10k views
using firewalld and firewall-cmd how to add-rule to primary INPUT chain not INPUT_direct
So after reading the firewalld man page and Fedora documentation, I have come to the understanding that to add a custom rule to the firewall with specific arguments I need to use the structure
firewall-...
7 votes, 1 answer, 4k views
How to block docker-mapped ports with a firewall from outside the host without messing up docker routing inside the host?
I have a docker container running on a host with some port mapped to a port on the host.
docker run -d -p 9009:9009 someserver
I want this machine firewalled off from the internet except for 80, ...
1 vote, 1 answer, 3k views
Port forwarding to VM using firewalld
I have been looking and not able to find anything about how to solve this problem. I am trying to set up port forwarding to a VM (qemu) on a CentOS 7 Server.
Trying to forward anything incoming on ...
3 votes, 1 answer, 416 views
Configure firewalld to distinguish home and public ethernet connection
I connect my notebook via Ethernet at home and outside. I want to open some ports for services like samba only at home and not somewhere else.
How can I let firewalld automatically detect where I am, ...