
Thread: can anyone provide a clear overview of the move to firewalld?

  1. #41
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,289
    Blog Entries
    1

    Default Re: can anyone provide a clear overview of the move to firewalld?

    I assume you're still working on the IPv6 blacklisting?

  2. #42

    Default Re: can anyone provide a clear overview of the move to firewalld?

    I haven't got all the IPv6 addresses yet, unfortunately, but I am working on it. I have at least checked with Wireshark that the connections I get to the Google/Facebook/Microsoft etc. companies (which are now blocked in IPv4) are through IPv6. So it is only a matter of time...

  3. #43
    Join Date
    Feb 2016
    Location
    Berlin
    Posts
    357

    Default Re: can anyone provide a clear overview of the move to firewalld?

    So, I was about to follow the recipe by tuner (disable SFW2, enable firewalld, disable ssh, etc.).

    Just some questions: for an ordinary laptop (no servers), with vbox and qemu/kvm, using torrent, VNC and VPN (but this is the client), are there any ports or services I should be aware of?

    I'm having some trouble seeing the wood for the trees in the SuSEfirewall config file, so instead I listed the ports using iptables, which surprised me (what is going on here, with so many ports?).

    Code:
    ~> sudo iptables -L
    [sudo] password for root:  
    Chain INPUT (policy DROP)
    target     prot opt source               destination          
    ACCEPT     all  --  anywhere             anywhere             
    ACCEPT     all  --  anywhere             anywhere             ctstate ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere             ctstate RELATED
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:mdns PKTTYPE = multicast
    input_ext  all  --  anywhere             anywhere             
    DROP       all  --  anywhere             anywhere             
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination          
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination          
    ACCEPT     all  --  anywhere             anywhere             
    
    Chain forward_ext (0 references)
    target     prot opt source               destination          
    
    Chain input_ext (1 references)
    target     prot opt source               destination          
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:sesi-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:houdini-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:xmsg
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:fj-hdnet
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:h323gatedisc
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:h323gatestat
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:h323hostcall
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:caicci
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:hks-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:pptp
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:csbphonemaster
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:iden-ralp
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:iberiagames
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:winddx
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:telindus
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:citynl
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:roketz
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:msiccp
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:proxim
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:siipat
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cambertx-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:privatechat
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:street-stream
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:ultimad
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:gamegen1
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:webaccess
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:encore
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cisco-net-mgmt
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:3Com-nsd
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cinegrfx-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:ncpm-ft
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:remote-winsock
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:ftrapid-1
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:ftrapid-2
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:oracle-em1
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:aspen-services
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:sslp
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:swiftnet
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:lofr-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:1753
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:oracle-em2
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:ms-streaming
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:capfast-lmd
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cnhrp
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:tftp-mcast
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:spss-lm
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:www-ldap-gw
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cft-0
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cft-1
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cft-2
    ACCEPT     udp  --  anywhere             anywhere             PKTTYPE = broadcast udp dpt:cft-3
    DROP       all  --  anywhere             anywhere             PKTTYPE = broadcast
    ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:sesi-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:houdini-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:xmsg
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:fj-hdnet
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:h323gatedisc
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:h323gatestat
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:h323hostcall
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:caicci
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:hks-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pptp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:csbphonemaster
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:iden-ralp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:iberiagames
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:winddx
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:telindus
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:citynl
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:roketz
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:msiccp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:proxim
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:siipat
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cambertx-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:privatechat
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:street-stream
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ultimad
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:gamegen1
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webaccess
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:encore
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cisco-net-mgmt
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3Com-nsd
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cinegrfx-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ncpm-ft
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:remote-winsock
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftrapid-1
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftrapid-2
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:oracle-em1
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:aspen-services
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:sslp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:swiftnet
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:lofr-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:predatar-comms
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:oracle-em2
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ms-streaming
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:capfast-lmd
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cnhrp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:tftp-mcast
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:spss-lm
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:www-ldap-gw
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cft-0
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cft-1
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cft-2
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cft-3
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:sesi-lm
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:houdini-lm
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:xmsg
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:fj-hdnet
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:h323gatedisc
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:h323gatestat
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:h323hostcall
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:caicci
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:hks-lm
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:pptp
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:csbphonemaster
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:iden-ralp
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:iberiagames
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:winddx
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:telindus
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:citynl
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:roketz
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:msiccp
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:proxim
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:siipat
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:cambertx-lm
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:privatechat
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:street-stream
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:ultimad
    ....snip...
    DROP       all  --  anywhere             anywhere             /* sfw2.insert.pos */ PKTTYPE != unicast
    DROP       all  --  anywhere             anywhere             
    
    Chain reject_func (0 references)
    target     prot opt source               destination          
    REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
    REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
    REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable
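
The listing above is hard to read because `iptables -L` without `-n` replaces port numbers with their /etc/services names: sesi-lm is 1500 and houdini-lm through cft-3 are the consecutive ports 1715 to 1764, so the long runs of odd-looking names are really one port plus one contiguous range, accepted once for broadcast UDP, once for TCP and once for unicast UDP. The script below is an added example, not the poster's output or tuner's recipe: it parses a constructed, abridged sample of `sudo iptables -L -n` output shaped like the SuSEfirewall2 chains on this page, collapses each chain's ACCEPT rules into port ranges per protocol and packet type, and turns the unicast accepts into `firewall-cmd --add-port` arguments for the firewalld migration (the zone name `public` is an assumption). The rule list only says what the firewall lets in, not what is listening; compare the result with `ss -tulpn` before deciding which ports a laptop actually needs.

```python
"""Summarise numeric `iptables -L -n` output and emit firewalld port specs.

Added example for the thread, not the poster's listing. SAMPLE is constructed
to mirror the SuSEfirewall2 chain layout shown on the page, with -n so ports
are numbers rather than /etc/services names.
"""
import re
from collections import defaultdict

# Constructed, abridged sample of `sudo iptables -L -n` (not real captured output).
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate ESTABLISHED
input_ext  all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_ext (1 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast udp dpt:1500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast udp dpt:1715
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast udp dpt:1716
DROP       all  --  0.0.0.0/0            0.0.0.0/0            PKTTYPE = broadcast
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1500
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1715
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1716
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1717
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:5900:5910
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1715
DROP       all  --  0.0.0.0/0            0.0.0.0/0            /* sfw2.insert.pos */ PKTTYPE != unicast
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)$")
PORT_RE = re.compile(r"\b(tcp|udp) dpts?:(\d+)(?::(\d+))?")   # dpt:N or dpts:N:M
PKTTYPE_RE = re.compile(r"PKTTYPE = (\w+)")


def parse_accepts(text):
    """Return {(chain, proto, pkttype): set(ports)} for every ACCEPT rule with a dport."""
    accepts = defaultdict(set)
    chain = None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            continue
        if chain is None or not line.startswith("ACCEPT"):
            continue
        pm = PORT_RE.search(line)
        if not pm:
            continue  # stateful, ICMP and catch-all accepts carry no destination port
        proto, lo, hi = pm.group(1), int(pm.group(2)), pm.group(3)
        hi = int(hi) if hi else lo
        tm = PKTTYPE_RE.search(line)
        pkttype = tm.group(1) if tm else "unicast"  # no PKTTYPE match means ordinary traffic
        accepts[(chain, proto, pkttype)].update(range(lo, hi + 1))
    return accepts


def collapse(ports):
    """Collapse a set of ports into sorted (lo, hi) runs of consecutive numbers."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


def summarize(text):
    """Return {(chain, proto, pkttype): ['1500', '1715-1717', ...]} for reading."""
    out = {}
    for key, ports in parse_accepts(text).items():
        out[key] = [f"{lo}" if lo == hi else f"{lo}-{hi}" for lo, hi in collapse(ports)]
    return out


def firewalld_ports(text, chain="input_ext"):
    """Translate the unicast accepts in `chain` into firewall-cmd --add-port values."""
    specs = []
    for (c, proto, pkttype), ranges in sorted(summarize(text).items()):
        if c != chain or pkttype != "unicast":
            continue  # broadcast-only accepts have no firewalld port equivalent
        specs.extend(f"{r}/{proto}" for r in ranges)
    return specs


if __name__ == "__main__":
    for key, ranges in sorted(summarize(SAMPLE).items()):
        print(key, ", ".join(ranges))
    for spec in firewalld_ports(SAMPLE):
        # Zone name is an assumption; adjust to the zone the laptop's interface uses.
        print(f"firewall-cmd --permanent --zone=public --add-port={spec}")
```

Run it against real output with `sudo iptables -L -n | python3 summarize_rules.py` after replacing `SAMPLE` with `sys.stdin.read()`; the same regexes work on `iptables -L -n -v` output, since the extra counters sit before the `target` column and are ignored.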
    
    
