similar to: firewalld being stupid

On 6 November 2015 at 21:49, Pete Travis <lists at petetravis.com> wrote: > On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: >> >> Greetings, >> >> One of my biggest frustrations with CentOS 7 has been firewalld. >> >> Essentially all of the documentation just flat doesn't work. >> >> One common

I'm still learning firewalld obviously, and I am having trouble groking the documentation to understand how to do this. I know I could do an iptables direct, but that doesn't seem like the "right" way to do it. What I'm trying to do is allow a specific service, only for a specific ip. Effectively, SNMP should be allowed form a specific IP address (the systems monitor).

On 17 Nov 2015 17:30, "Nick Bright" <nick.bright at valnet.net> wrote: > > On 11/17/2015 11:12 AM, Nick Bright wrote: >> >> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 >> firewall-cmd --zone=monitoring --add-service=snmp >> firewall-cmd --zone=monitoring --add-interface=ens192 >> firewall-cmd --runtime-to-permanent > > I went

On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: > > Greetings, > > One of my biggest frustrations with CentOS 7 has been firewalld. > > Essentially all of the documentation just flat doesn't work. > > One common thing that needs to be done is to change the zone of an interface, however I've tried: > > firewall-cmd

On Mon, November 16, 2015 16:39, Nick Bright wrote: > On 11/6/2015 3:58 PM, James Hogarth wrote: >> I have a couple of relevant articles you may be interested in ... >> >> On assigning the zone via NM: >> https://www.hogarthuk.com/?q=node/8 >> >> Look down to the "Specifying a particular firewall zone" bit ... >> remember that if you edit the

On 11/17/2015 11:12 AM, Nick Bright wrote: > firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 > firewall-cmd --zone=monitoring --add-service=snmp > firewall-cmd --zone=monitoring --add-interface=ens192 > firewall-cmd --runtime-to-permanent I went ahead and tried this and found that the zone and service must first be created, which requires use of: firewall-cmd

On 11/6/2015 3:58 PM, James Hogarth wrote: > I have a couple of relevant articles you may be interested in ... > > On assigning the zone via NM: > https://www.hogarthuk.com/?q=node/8 > > Look down to the "Specifying a particular firewall zone" bit ... > remember that if you edit the files rather than using nmcli you must > reload NM (or do nmcli reload) for that

In CentOS 6.7 I ran setup command and I could configure network settings from that "gui" utility at command line. In CentOS 7 I don't know where this goes or how to enabled. I have installed a few packages: yum install setuptool -y \ && yum install system-config-network-tui -y \ && yum install system-config-firewall* -y \ && yum install

On 11/16/2015 01:39 PM, Nick Bright wrote: > This is very frustrating, and not obvious. If --permanent doesn't work > for a command, then it should give an error - not silently fail > without doing anything! But --permanent *did* work. What you're seeing is the documented behavior: --permanent The permanent option --permanent can be used to set options

Hi all! I'n wondering if it is possible to have Centos-7 automatically change firewall zones, depending on the network we conect to. my default zone is "home" and it has some ports open that probably shouldn't be open when I'm on someone elose's network. so I'm thinking that if there's a way to have it always use home when I'm at home, and external when

On 11/17/2015 8:18 AM, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sysadmin point of view this is desirable since > changes to a running system are often performed for

On CentOS 7 with firewalld I have a box with numerous interfaces acting as a NAT gateway. This works but I noticed that it routes/forwards traffic not just from my internal zone to external zone but also between interfaces within the internal zone. How can I prevent that traffic? I've tried adding direct and rich rules to deny the traffic but it doesn't work. Direct: firewall-cmd

I tried to boot a Centos 8.2 install CD, one burned with Centos-8-2-2004-x86_64-boot . In the setup, it persisted in telling me that ethernet thing enp0s25 was disconnected. Nyet. 'Twas working several seconds previous and is working now. This is a showstopper. How do I debug it? Also, whatever else it did, I now have environment variable

Greetings, I'm working with a new CentOS 7 installation, moving a system up from CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance requirements. However, while setting up the CentOS 7 environment one of the closed source applications is requiring 0.9.8. The software vendor has advised installing package openssl098e from yum; but I'm hesitant to do so from a

On 10/21/2015 2:34 PM, Eero Volotinen wrote: > Remember that rhel/centos backports fixes, so just looking version > number is not reliable way to detect security issues. > > Eero Indeed, though I can say on CentOS 5 the required configuration to be PCI compliand is not valid in apache, and httpd will not start. -- ----------------------------------------------- - Nick Bright

Greetings, I'm running Dovecot 2.0.9 on my CentOS 6 server, for several thousand mailboxes. Recently, I've had several reports of "my mailbox is suddenly empty, where'd my mail go?" I've enabled debug logging, but I'd like to make sure I have the best level of debug to see things like "delete message" commands? I've configured in logging:

Hallo, I can t find the switch to activate the network after an installation without gui. service network start doesn t work and I don t find any other commands. Thanks for a hint. Ralf

On 10/21/2015 1:55 PM, Andrew Holway wrote: > Personally I would go round to that particular vendors office with a pipe > wrench and encourage them to do better however, unless this software is > transmitting credit card information then it seems that you could be > safe(ish) from the regulation standpoint. It really depends on the location > of the machine. Is it deep in the bowels

You need to add pop3. Please note that op3 is not secure as password and username is transferred in plain text. *firewall-cmd --add-service=pop3 --permanent* *firewall-cmd --reload--* *Eero* 2016-07-14 11:43 GMT+03:00 Subscriber <ml-lists at agoris.net.ua>: > > Thursday, July 14, 2016, 11:32:31 AM, you wrote: > > > Dear Members, > > > Please tell me how

Dear Members, Please tell me how can I fix this problem. Against allow imap on firewalld, I cannot access to the server. [root at speedex ~]# telnet 153.153.xxx.xxx 110 Trying 153.153.xxx.xxx... telnet: connect to address 153.153.xxx.xxx: No route to host After stopping forewalld I can access to the server. [root at speedex ~]# telnet 153.153.xxx.xxx 110 Trying 153.153.xxx.xxx... Connected to