On 08/14/2014 01:16 AM, Timothy Murphy wrote:
Jonathan Billings wrote:
'FirewallD' doesn't replace 'iptables' except in the sense of activated
system services, not the core firewall functionality. FirewallD just
builds and modifies iptables rules.
I'm a bit surprised no-one has mentioned
Jonathan Billings wrote:
'FirewallD' doesn't replace 'iptables' except in the sense of activated
system services, not the core firewall functionality. FirewallD just
builds and modifies iptables rules.
I'm a bit surprised no-one has mentioned shorewall.
I'm using it on two tiny home
On 13.08.2014 at 15:16, Timothy Murphy wrote:
I'm a bit surprised no-one has mentioned shorewall.
I'm using it on two tiny home servers,
one under CentOS-6 and the other CentOS-7.
Basically, this is because I don't understand iptables,
or really want to understand it.
here, too, I'm using
On Wed, August 13, 2014 8:16 am, Timothy Murphy wrote:
Jonathan Billings wrote:
'FirewallD' doesn't replace 'iptables' except in the sense of activated
system services, not the core firewall functionality. FirewallD just
builds and modifies iptables rules.
I often wonder if I am in a
On Fri, Aug 08, 2014 at 04:55:15PM -0500, Neil Aggarwal wrote:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
Looking at the
On 2014-08-08 23:55, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in
CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I always set my
Jonathan:
Looking at the documentation closer, there does appear to be a way to
add rules to the OUTPUT table, using the rich rules syntax.
Do you see a way to set the default policy to DROP?
Thanks,
Neil
--
Neil Aggarwal, (972) 834-1565
We lend money to investors to buy or refinance
On Tue, Aug 12, 2014 at 09:26:17AM -0500, Neil Aggarwal wrote:
Jonathan:
Looking at the documentation closer, there does appear to be a way to
add rules to the OUTPUT table, using the rich rules syntax.
Do you see a way to set the default policy to DROP?
Most likely, just adding the
Wonderful!
Can you do with firewalld an equivalent of the following done with iptables:
:SSHSCAN - [0:0]
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
-A SSHSCAN -m recent --set --name SSH
-A SSHSCAN -m recent --update --seconds 300 --hitcount 10 --name SSH -j DROP
-A INPUT -p tcp
On Tue, 2014-08-12 at 09:59 -0500, Valeri Galtsev wrote:
Long ago I learned a rule
(what users will expect from a good sysadmin): do not make any changes
unless they are absolutely necessary.
The English (non-American) version is
If it ain't broke, don't fix it.
So, to use in C7's
On Mon, 2014-08-11 at 21:19 -0700, Kirk Bocek wrote:
I have now been alerted by two list members to the behavior of the
individual involved. I will not allow myself to be baited again.
I have blocked his normal and private email addresses on every incoming
MTA. Details available.
--
On Tue, Aug 12, 2014 at 09:59:17AM -0500, Valeri Galtsev wrote:
Wonderful!
Can you do with firewalld an equivalent of the following done with iptables:
:SSHSCAN - [0:0]
-A INPUT -p tcp --dport 22 -m state --state NEW -j SSHSCAN
-A SSHSCAN -m recent --set --name SSH
-A SSHSCAN -m recent
Great, thanks!
It looks like I will survive even if they drop iptables-service in some
future to come. Just for my understanding which of the following is
incorrect:
1. firewalld is a front end to the iptables kernel module (pretty much as
iptables-service is)
2. therefore the rules syntax is
On 08/09/2014 09:45 AM, Valeri Galtsev wrote:
On Sat, August 9, 2014 9:15 am, Neil Aggarwal wrote:
Tom:
I thought we were supposed to be moving forward
That is my thought exactly. This is a step backwards.
I guess I will disable firewalld and go back to iptables.
Systemd,
You and 4 other guys are moving things from Linux to FreeBSD.
The rest of the world is moving things from UNIX and Windows to Linux.
CentOS-7 rebuilds RHEL sources and most all of the important Enterprise
Linux things are moving to RHEL.
RHEL runs the stock exchanges, the banks, etc.
Free
On Mon, August 11, 2014 8:28 am, Johnny Hughes wrote:
On 08/09/2014 09:45 AM, Valeri Galtsev wrote:
On Sat, August 9, 2014 9:15 am, Neil Aggarwal wrote:
Tom:
I thought we were supposed to be moving forward
That is my thought exactly. This is a step backwards.
I guess I will disable
On Mon, Aug 11, 2014 at 11:23 AM, Valeri Galtsev galt...@kicp.uchicago.edu
wrote:
You only spotted 4 _last_ guys running away to UNIX. The rest fled quite a
while ago.
I wasn't aware that this was a forum for whining that upstream's vision of
a system didn't match one's own. You stated your
On 11.08.2014 15:43, Tom Bishop wrote:
You and 4 other guys are moving things from Linux to FreeBSD.
The rest of the world is moving things from UNIX and Windows to Linux.
CentOS-7 rebuilds RHEL sources and most all of the important Enterprise
Linux things are moving to RHEL.
RHEL runs the
On Mon, Aug 11, 2014 at 11:23 AM, Valeri Galtsev galt...@kicp.uchicago.edu
wrote:
You only spotted 4 _last_ guys running away to UNIX. The rest fled quite a
while ago.
On Mon, 2014-08-11 at 12:53 -0400, BC wrote:
I wasn't aware that this was a forum for whining that upstream's vision
On Mon, 2014-08-11 at 19:10 +0200, Dennis Jacobfeuerborn wrote:
It's strange that people threaten to go FreeBSD simply because the
defaults are not to their liking. Not exactly a rational way to look
at things.
Unfortunately not.
1. firewalld is not a full firewall - at best it is half-finished
On Aug 11, 2014, at 1:16 PM, Always Learning cen...@u62.u22.net wrote:
Stating one's dread of having imposed as a standard, a firewall that can
not control outgoing packets and has dumbed-down Micro$oft-like 'zones'
and the possible future removal of IP Tables from the very much admired
Centos
On 8/11/2014 11:36 AM, Jonathan Billings wrote:
On Aug 11, 2014, at 1:16 PM, Always Learning cen...@u62.u22.net wrote:
Stating one's dread of having imposed as a standard, a firewall that can
not control outgoing packets and has dumbed-down Micro$oft-like 'zones'
and the possible future
On 8/11/2014 11:56 AM, Reindl Harald wrote:
On 11.08.2014 at 20:47, Kirk Bocek wrote:
I have not even started to digest 7. What is the proper method of
getting back to an industrial strength firewall under 7? Does one
disable FirewallD and install iptables or does iptables install on top
of
On Mon, 2014-08-11 at 14:36 -0400, Jonathan Billings wrote:
'FirewallD' doesn't replace 'iptables' except in the sense of
activated system services
I just love using sv ipt ... (my abbreviations for service iptables).
Not keen on another 'service' duplicating my manual and automated
efforts.
On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
FirewallD just builds and modifies iptables rules.
Why do I need more complexity together with more learning time and more
effort and conversion of existing rules ? IP Tables works fine.
Absolutely no complaints.
Do you run
On 8/11/2014 12:53 PM, Matthew Miller wrote:
On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
FirewallD just builds and modifies iptables rules.
Why do I need more complexity together with more learning time and more
effort and conversion of existing rules ? IP Tables works
On 08/12/2014 07:25 AM, Always Learning wrote:
On Mon, 2014-08-11 at 14:36 -0400, Jonathan Billings wrote:
'FirewallD' doesn't replace 'iptables' except in the sense of
activated system services
I just love using sv ipt ... (my abbreviations for service iptables).
Not keen on another
On 8/11/2014 12:07 PM, Kirk Bocek wrote:
OMG if it's that important I will, I will!
What's your malfunction? How about gathering information and knowledge
before starting a major upgrade?
I have now been alerted by two list members to the
On Sat, 2014-08-09 at 09:45 -0500, Valeri Galtsev wrote:
Systemd, firewalld... Linux from what formerly was UNIX-like becomes MS
Windows-like. This is what you will hear from everybody fleeing Linux (I
for one started gradually moving servers to FreeBSD a while back).
Snap ! (meaning in
On Aug 9, 2014, at 10:45 AM, Valeri Galtsev galt...@kicp.uchicago.edu wrote:
Systemd, firewalld... Linux from what formerly was UNIX-like becomes MS
Windows-like. This is what you will hear from everybody fleeing Linux (I
for one started gradually moving servers to FreeBSD a while back).
While
Earl:
I am looking at the documentation of the new firewalld service in CentOS
7.
You can check out the following document
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
That is the document I read when I referred to
2014-08-09 0:55 GMT+03:00 Neil Aggarwal n...@jammconsulting.com:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I
On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I always set my
On Sat, Aug 9, 2014 at 8:44 AM, Jim Perrin jper...@centos.org wrote:
On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to
Tom:
I thought we were supposed to be moving forward
That is my thought exactly. This is a step backwards.
I guess I will disable firewalld and go back to iptables.
Thanks,
Neil
--
Neil Aggarwal, (972) 834-1565
We lend money to investors to buy or refinance single family rent houses.
No
On Sat, August 9, 2014 9:15 am, Neil Aggarwal wrote:
Tom:
I thought we were supposed to be moving forward
That is my thought exactly. This is a step backwards.
I guess I will disable firewalld and go back to iptables.
Systemd, firewalld... Linux from what formerly was UNIX-like becomes
On 08/08/2014 05:55 PM, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I always set my servers
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I always set my servers to default policy of DROP for everything incoming
On Fri, 2014-08-08 at 16:55 -0500, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7.
It looks like no matter what I configure with it, outgoing connections are
still going to be allowed. That does not seem very secure.
I always