On Thu, October 30, 2014 12:14, Marko Vojinovic wrote:
I have a feeling that it's just the case of lazy sysadmins who don't
want to bother reading the man page for firewall-cmd. They seem to be
the ones who are not informed. Moreover, the lockdown and panic options
seem to be an improvement
On Fri, Oct 31, 2014 at 02:42:03AM +, Always Learning wrote:
Assuming the IPtables firewall is logically designed, it is very easy to
see exactly where you need to place the command. Your wish to delegate a
simple placement to the software suggests you are not well familiar with
the design
On 10/29/2014 11:01 PM, John R. Dennison wrote:
On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
table name.
firewall-cmd with its Windoze-like structure
On Thu, 30 Oct 2014 03:56:58 +
Always Learning cen...@u62.u22.net wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
table name.
firewall-cmd with its Windoze-like structure and syntax is definitely
On Thu, 30 Oct 2014 16:24:02 +1300
Peter pe...@pajamian.dhs.org wrote:
On 10/30/2014 04:16 PM, Jason T. Slack-Moehrle wrote:
yes, so I just figured out. Thank you so much. Where does
`semanage` come from? I tried policycoreutils-python but it cannot
be found.
It should be in
On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
On Thu, 30 Oct 2014 03:56:58 +
Always Learning cen...@u62.u22.net wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
table name.
firewall-cmd with its Windoze-like
On Thu, 2014-10-30 at 12:38 +, Marko Vojinovic wrote:
Incidentally, since I started using Linux I have always found iptables
to have a very user-unfriendly syntax. Whenever I needed to tweak the
firewall, I had to look up the man page for iptables, in order to make
sure I don't screw
On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
and
firewall-cmd --add-service=http
To do this in cmd line on Windows:
netsh advfirewall firewall add rule name=httpd dir=in \
On Thu, October 30, 2014 6:54 am, Johnny Hughes wrote:
On 10/29/2014 11:01 PM, John R. Dennison wrote:
On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
On 10/31/2014 01:20 AM, Always Learning wrote:
-R 4web 5 -p tcp --dport 888 -s 192.168.2.1/23 -j ACCEPT
That will only work if you want to permit from source addresses in the
192.168.2.1 and 192.168.3.1 netblocks. I think you want a -s 192.168.1.1/23
anecdote
When I was first starting out in
On 10/30/2014 10:20 AM, Always Learning wrote:
On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
and
firewall-cmd --add-service=http
To do this in cmd line on Windows:
netsh
On Thu, 30 Oct 2014 14:04:32 +
Always Learning cen...@u62.u22.net wrote:
The order of rules in any IPtables table is pure common sense and very
logical. Essentially, the first rule is the first action. The second
rule is the second action etc.
Sure, I do know how it works. :-) However,
While I'm a long-time iptables user I will be the first to admit it is
terribly difficult to work with. If you are starting from scratch
firewall-cmd makes a lot of sense, just like realmd greatly simplifies
the bind process to Active Directory.
It's good to know the underpinnings, but the
On Fri, 2014-10-31 at 01:25 +1100, Steve Walsh wrote:
On 10/31/2014 01:20 AM, Always Learning wrote:
-R 4web 5 -p tcp --dport 888 -s 192.168.2.1/23 -j ACCEPT
That will only work if you want to permit from source addresses in the
192.168.2.1 and 192.168.3.1 netblocks. I think you want a -s
On Thu, 2014-10-30 at 09:27 -0500, Valeri Galtsev wrote:
On Thu, October 30, 2014 6:54 am, Johnny Hughes wrote:
You can turn off firewalld and use iptables if that is the desire. That
is what I have done on my test machines.
At the moment this can be a solution. But one day this option
On Thu, 2014-10-30 at 10:34 -0400, Toby Bluhm wrote:
On 10/30/2014 10:20 AM, Always Learning wrote:
On Thu, 2014-10-30 at 10:01 -0400, Toby Bluhm wrote:
On 10/30/2014 8:38 AM, Marko Vojinovic wrote:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
and
firewall-cmd
On Thu, 2014-10-30 at 16:14 +, Marko Vojinovic wrote:
Sure, I do know how it works. :-) However, the iptables requires me to
think about it when specifying -I or -A every time I modify the rules.
When I set up a server, I devise the rules and the sub-systems that
interface with IPtables
On 10/30/2014 7:42 PM, Always Learning wrote:
Your wish to delegate a
simple placement to the software suggests you are not well familiar with
the design and construction of your IPtables firewall.
get off your soapbox, it's not becoming.
--
john r pierce
On Thu, October 30, 2014 9:42 pm, Always Learning wrote:
On Thu, 2014-10-30 at 16:14 +, Marko Vojinovic wrote:
Sure, I do know how it works. :-) However, the iptables requires me to
think about it when specifying -I or -A every time I modify the rules.
When I set up a server, I devise
I tried to install CentOS 7 on a new system. It works.
However, I'm noticing small things:
1. system-config-network-tui is not installed and yum cannot find it. I
realized for this -- nmtui
What about firewall? I can't seem to understand the replacement from
system-config-firewall-tui
Jason
On Wed, 29 Oct 2014 17:50:54 -0700
Jason T. Slack-Moehrle slackmoeh...@gmail.com wrote:
I tried to install CentOS 7 on a new system. It works.
However, I'm noticing small things:
1. system-config-network-tui is not installed and yum cannot find it.
I realized for this -- nmtui
What about
so I figured this out, I think:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
but if it is a known service, you can use:
firewall-cmd --zone=public --add-service=http --permanent
and then reload the firewall
firewall-cmd --reload
On Wed, Oct 29, 2014 at 5:50 PM, Jason T.
Thanks Marko for the reply.
Soo I changed my ssh port in sshd_config and did: systemctl restart
sshd.service.
I then did:
firewall-cmd --add-port=port/tcp
firewall-cmd --permanent --add-port=port/tcp
firewall-cmd --reload
and for safety: systemctl restart firewalld
and I get a
On 10/30/2014 03:41 PM, Jason T. Slack-Moehrle wrote:
Soo I changed my ssh port in sshd_config and did: systemctl restart
sshd.service.
...
and I get a connection:refused.
selinux is set to only allow sshd to listen on port 22, you need to do
something like:
semanage port -a -t ssh_port_t -p
yes, so I just figured out. Thank you so much. Where does `semanage` come
from? I tried policycoreutils-python but it cannot be found.
On Wed, Oct 29, 2014 at 8:10 PM, Peter pe...@pajamian.dhs.org wrote:
On 10/30/2014 03:41 PM, Jason T. Slack-Moehrle wrote:
Soo I changed my ssh port in
On 10/30/2014 04:16 PM, Jason T. Slack-Moehrle wrote:
yes, so I just figured out. Thank you so much. Where does `semanage` come
from? I tried policycoreutils-python but it cannot be found.
It should be in policycoreutils-python. Try:
yum provides \*bin/semanage
Peter
On Wed, 2014-10-29 at 19:14 -0700, Jason T. Slack-Moehrle wrote:
so I figured this out, I think:
firewall-cmd --zone=public --add-port=2888/tcp --permanent
but if it is a known service, you can use:
firewall-cmd --zone=public --add-service=http --permanent
and then reload the firewall
On Thu, Oct 30, 2014 at 03:56:58AM +, Always Learning wrote:
iptables -A table-name -p tcp --dport 80 -j ACCEPT
No reboot needed. 'table-name' can be INPUT or another user defined
table name.
firewall-cmd with its Windoze-like structure and syntax is definitely
unappealing to many