Displaying 20 results from an estimated 5000 matches similar to: "firewalld being stupid"
2015 Nov 06
2
firewalld being stupid
On 6 November 2015 at 21:49, Pete Travis <lists at petetravis.com> wrote:
> On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote:
>>
>> Greetings,
>>
>> One of my biggest frustrations with CentOS 7 has been firewalld.
>>
>> Essentially all of the documentation just flat doesn't work.
>>
>> One common
2015 Nov 17
3
firewalld rule syntax
I'm still learning firewalld obviously, and I am having trouble grokking
the documentation to understand how to do this.
I know I could do an iptables direct, but that doesn't seem like the
"right" way to do it.
What I'm trying to do is allow a specific service, only for a specific ip.
Effectively, SNMP should be allowed from a specific IP address (the
systems monitor).
2015 Nov 17
1
firewalld rule syntax
On 17 Nov 2015 17:30, "Nick Bright" <nick.bright at valnet.net> wrote:
>
> On 11/17/2015 11:12 AM, Nick Bright wrote:
>>
>> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
>> firewall-cmd --zone=monitoring --add-service=snmp
>> firewall-cmd --zone=monitoring --add-interface=ens192
>> firewall-cmd --runtime-to-permanent
>
> I went
2015 Nov 06
0
firewalld being stupid
On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote:
>
> Greetings,
>
> One of my biggest frustrations with CentOS 7 has been firewalld.
>
> Essentially all of the documentation just flat doesn't work.
>
> One common thing that needs to be done is to change the zone of an
interface, however I've tried:
>
> firewall-cmd
2015 Nov 17
4
firewalld being stupid
On Mon, November 16, 2015 16:39, Nick Bright wrote:
> On 11/6/2015 3:58 PM, James Hogarth wrote:
>> I have a couple of relevant articles you may be interested in ...
>>
>> On assigning the zone via NM:
>> https://www.hogarthuk.com/?q=node/8
>>
>> Look down to the "Specifying a particular firewall zone" bit ...
>> remember that if you edit the
2015 Nov 17
0
firewalld rule syntax
On 11/17/2015 11:12 AM, Nick Bright wrote:
> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
> firewall-cmd --zone=monitoring --add-service=snmp
> firewall-cmd --zone=monitoring --add-interface=ens192
> firewall-cmd --runtime-to-permanent
I went ahead and tried this and found that the zone and service must
first be created, which requires use of:
firewall-cmd
2015 Nov 16
0
firewalld being stupid
On 11/6/2015 3:58 PM, James Hogarth wrote:
> I have a couple of relevant articles you may be interested in ...
>
> On assigning the zone via NM:
> https://www.hogarthuk.com/?q=node/8
>
> Look down to the "Specifying a particular firewall zone" bit ...
> remember that if you edit the files rather than using nmcli you must
> reload NM (or do nmcli reload) for that
2016 Jan 29
2
Where did network setup goes under setup utility in CentOS 7?
In CentOS 6.7 I ran setup command and I could configure network settings
from that "gui" utility at command line. In CentOS 7 I don't know where
this goes or how to enable it. I have installed a few packages:
yum install setuptool -y \
&& yum install system-config-network-tui -y \
&& yum install system-config-firewall* -y \
&& yum install
2015 Nov 16
3
firewalld being stupid
On 11/16/2015 01:39 PM, Nick Bright wrote:
> This is very frustrating, and not obvious. If --permanent doesn't work
> for a command, then it should give an error - not silently fail
> without doing anything!
But --permanent *did* work.
What you're seeing is the documented behavior:
--permanent
The permanent option --permanent can be used to set options
2016 Mar 24
5
firewalld question
Hi all!
I'm wondering if it is possible to have Centos-7 automatically change
firewall zones, depending on the network we connect to.
my default zone is "home" and it has some ports open that probably
shouldn't be open when I'm on someone else's network.
so I'm thinking that if there's a way to have it always use home when
I'm at home, and external when
2015 Nov 17
0
firewalld being stupid
On 11/17/2015 8:18 AM, James B. Byrne wrote:
> This behaviour is congruent with SELinux. One utility adjusts the
> permanent configuration, the one that will be applied at startup.
> Another changes the current running environment without altering the
> startup config. From a sysadmin point of view this is desirable since
> changes to a running system are often performed for
2016 Jul 12
2
How to block routing/forwarding with firewalld
On CentOS 7 with firewalld I have a box with numerous interfaces acting
as a NAT gateway. This works but I noticed that it routes/forwards
traffic not just from my internal zone to external zone but also between
interfaces within the internal zone. How can I prevent that traffic?
I've tried adding direct and rich rules to deny the traffic but it
doesn't work. Direct:
firewall-cmd
2020 Nov 03
3
enp0s25 disconnect
I tried to boot a Centos 8.2 install CD,
one burned with Centos-8-2-2004-x86_64-boot .
In the setup, it persisted in telling me
that ethernet thing enp0s25 was disconnected.
Nyet.
'Twas working several seconds previous and is working now.
This is a showstopper.
How do I debug it?
Also, whatever else it did,
I now have environment variable
2015 Oct 21
5
Security implications of openssl098e on CentOS 7
Greetings,
I'm working with a new CentOS 7 installation, moving a system up from
CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance
requirements.
However, while setting up the CentOS 7 environment one of the closed
source applications is requiring 0.9.8. The software vendor has advised
installing package openssl098e from yum; but I'm hesitant to do so from
a
2015 Oct 21
1
Security implications of openssl098e on CentOS 7
On 10/21/2015 2:34 PM, Eero Volotinen wrote:
> Remember that rhel/centos backports fixes, so just looking version
> number is not reliable way to detect security issues.
>
> Eero
Indeed, though I can say on CentOS 5 the required configuration to be
PCI compliant is not valid in apache, and httpd will not start.
--
-----------------------------------------------
- Nick Bright
2016 Mar 10
4
Troubleshooting mailbox problems
Greetings,
I'm running Dovecot 2.0.9 on my CentOS 6 server, for several thousand
mailboxes.
Recently, I've had several reports of "my mailbox is suddenly empty,
where'd my mail go?"
I've enabled debug logging, but I'd like to make sure I have the best
level of debug to see things like "delete message" commands?
I've configured in logging:
2015 Oct 21
6
Security implications of openssl098e on CentOS 7
On 10/21/2015 1:55 PM, Andrew Holway wrote:
> Personally I would go round to that particular vendors office with a pipe
> wrench and encourage them to do better however, unless this software is
> transmitting credit card information then it seems that you could be
> safe(ish) from the regulation standpoint. It really depends on the location
> of the machine. Is it deep in the bowels
2019 Jan 21
3
how to activate the network after an installation
Hallo,
I can't find the switch to activate the network after an installation
without gui.
service network start doesn't work and I don't find any other commands.
Thanks for a hint.
Ralf
2016 Jul 14
2
CentOS7 firewalld ploblem
You need to add pop3. Please note that pop3 is not secure as password and
username are transferred in plain text.
firewall-cmd --add-service=pop3 --permanent
firewall-cmd --reload
--
Eero
2016-07-14 11:43 GMT+03:00 Subscriber <ml-lists at agoris.net.ua>:
>
> Thursday, July 14, 2016, 11:32:31 AM, you wrote:
>
> > Dear Members,
>
> > Please tell me how
2016 Jul 14
2
CentOS7 firewalld ploblem
Dear Members,
Please tell me how can I fix this problem.
Against allow imap on firewalld, I cannot access to the server.
[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
telnet: connect to address 153.153.xxx.xxx: No route to host
After stopping firewalld I can access to the server.
[root@speedex ~]# telnet 153.153.xxx.xxx 110
Trying 153.153.xxx.xxx...
Connected to