similar to: firewalld being stupid

On 6 November 2015 at 21:49, Pete Travis <lists at petetravis.com> wrote: > On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: >> >> Greetings, >> >> One of my biggest frustrations with CentOS 7 has been firewalld. >> >> Essentially all of the documentation just flat doesn't work. >> >> One common

Nick Bright wrote: > On 11/17/2015 8:18 AM, James B. Byrne wrote: >> This behaviour is congruent with SELinux. One utility adjusts the >> permanent configuration, the one that will be applied at startup. >> Another changes the current running environment without altering the >> startup config. From a sysadmin point of view this is desirable since >> changes to a

On 11/6/2015 3:58 PM, James Hogarth wrote: > I have a couple of relevant articles you may be interested in ... > > On assigning the zone via NM: > https://www.hogarthuk.com/?q=node/8 > > Look down to the "Specifying a particular firewall zone" bit ... > remember that if you edit the files rather than using nmcli you must > reload NM (or do nmcli reload) for that

Greetings, One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/11/15 17:29, Dennis Jacobfeuerborn wrote: > On 17.11.2015 17:51, m.roth at 5-cent.us wrote: >> Nick Bright wrote: >>> On 11/17/2015 8:18 AM, James B. Byrne wrote: >>>> This behaviour is congruent with SELinux. One utility adjusts >>>> the permanent configuration, the one that will be applied at

In CentOS 6.7 I ran setup command and I could configure network settings from that "gui" utility at command line. In CentOS 7 I don't know where this goes or how to enabled. I have installed a few packages: yum install setuptool -y \ && yum install system-config-network-tui -y \ && yum install system-config-firewall* -y \ && yum install

On 11/17/2015 8:18 AM, James B. Byrne wrote: > This behaviour is congruent with SELinux. One utility adjusts the > permanent configuration, the one that will be applied at startup. > Another changes the current running environment without altering the > startup config. From a sysadmin point of view this is desirable since > changes to a running system are often performed for

I'm still learning firewalld obviously, and I am having trouble groking the documentation to understand how to do this. I know I could do an iptables direct, but that doesn't seem like the "right" way to do it. What I'm trying to do is allow a specific service, only for a specific ip. Effectively, SNMP should be allowed form a specific IP address (the systems monitor).

On 17 Nov 2015 17:30, "Nick Bright" <nick.bright at valnet.net> wrote: > > On 11/17/2015 11:12 AM, Nick Bright wrote: >> >> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32 >> firewall-cmd --zone=monitoring --add-service=snmp >> firewall-cmd --zone=monitoring --add-interface=ens192 >> firewall-cmd --runtime-to-permanent > > I went

On 11/16/2015 01:39 PM, Nick Bright wrote: > This is very frustrating, and not obvious. If --permanent doesn't work > for a command, then it should give an error - not silently fail > without doing anything! But --permanent *did* work. What you're seeing is the documented behavior: --permanent The permanent option --permanent can be used to set options

On CentOS 7 with firewalld I have a box with numerous interfaces acting as a NAT gateway. This works but I noticed that it routes/forwards traffic not just from my internal zone to external zone but also between interfaces within the internal zone. How can I prevent that traffic? I've tried adding direct and rich rules to deny the traffic but it doesn't work. Direct: firewall-cmd

On 17.11.2015 17:51, m.roth at 5-cent.us wrote: > Nick Bright wrote: >> On 11/17/2015 8:18 AM, James B. Byrne wrote: >>> This behaviour is congruent with SELinux. One utility adjusts the >>> permanent configuration, the one that will be applied at startup. >>> Another changes the current running environment without altering the >>> startup config. From

On Nov 6, 2015 3:31 PM, "Nick Bright" <nick.bright at valnet.net> wrote: > > Greetings, > > One of my biggest frustrations with CentOS 7 has been firewalld. > > Essentially all of the documentation just flat doesn't work. > > One common thing that needs to be done is to change the zone of an interface, however I've tried: > > firewall-cmd

Hi all! I'n wondering if it is possible to have Centos-7 automatically change firewall zones, depending on the network we conect to. my default zone is "home" and it has some ports open that probably shouldn't be open when I'm on someone elose's network. so I'm thinking that if there's a way to have it always use home when I'm at home, and external when

You need to add pop3. Please note that op3 is not secure as password and username is transferred in plain text. *firewall-cmd --add-service=pop3 --permanent* *firewall-cmd --reload--* *Eero* 2016-07-14 11:43 GMT+03:00 Subscriber <ml-lists at agoris.net.ua>: > > Thursday, July 14, 2016, 11:32:31 AM, you wrote: > > > Dear Members, > > > Please tell me how

I am familiar with using commands like: firewall-cmd --permanent --add-service=http To enable firewalld services. I am also aware that this is through xml 'scripts' in: /usr/lib/firewalld/services/ But what I find interesting is what services are there and which are not. I went a'lookin with: grep "port=" /usr/lib/firewalld/services/*|more And found some like:

Ok. try following: firewall-cmd --add-port=110/tcp --permanent firewall-cmd --reload Eero 2016-07-14 12:22 GMT+03:00 ???? <tadao at creative-japan.org>: > I cannot add pop3 with following error. > # firewall-cmd --permanent --zone=external --add-service=pop3 > Error: INVALID_SERVICE: pop3 > > And cannot access to 143 too. > telnet 153.153.xxx.xxx 143 > Trying

Dear Members, Please tell me how can I fix this problem. Against allow imap on firewalld, I cannot access to the server. [root at speedex ~]# telnet 153.153.xxx.xxx 110 Trying 153.153.xxx.xxx... telnet: connect to address 153.153.xxx.xxx: No route to host After stopping forewalld I can access to the server. [root at speedex ~]# telnet 153.153.xxx.xxx 110 Trying 153.153.xxx.xxx... Connected to

> -----Original Message----- > From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Pete Biggs > Sent: Saturday, January 28, 2017 6:02 AM > To: centos at centos.org > Subject: Re: [CentOS] firewalld > > > > > > The zone apparently means something because an interface can only be on > one. > > Moving it to a different zone results in the same

Matthew Miller wrote: >> I'n wondering if it is possible to have Centos-7 automatically change >> firewall zones, depending on the network we conect to. > The way to do this is changing the zone for the network in > NetworkManager. Are there two different ways of setting firewalld zones, in firewalld and in NetworkManager? Which is taken if they differ? > (This works