Using Zones in Firewalld to Block Outbound Access

TrevorH
Site Admin
Posts: 33265
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Using Zones in Firewalld to Block Outbound Access

Post by TrevorH » 2023/09/13 16:09:17

I don't see the point in leaving firewall* packages installed if you have switched to using iptables or nftables. It just creates confusion for anyone that comes along later and has to work out what's in use.

I'd just yum remove firewall\* and then read what it says it's going to do before replying Y.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

yildizabdullah
Posts: 13
Joined: 2023/09/08 16:00:39

Re: Using Zones in Firewalld to Block Outbound Access

Post by yildizabdullah » 2023/09/13 19:38:20

jlehtone wrote:
2023/09/13 14:45:36
yildizabdullah wrote:
2023/09/12 13:37:59
Is there any side effect of leaving the state of the firewalld.service as it is?
Do show output of systemctl status firewalld


# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead)

Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:17 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:18 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:18 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:24:20 centos7-server systemd[1]: Cannot add dependency job f....
Sep 13 22:36:37 centos7-server systemd[1]: Cannot add dependency job f....
Warning: firewalld.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Hint: Some lines were ellipsized, use -l to show in full.

jlehtone
Posts: 4549
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Using Zones in Firewalld to Block Outbound Access

Post by jlehtone » 2023/09/14 06:53:05

You could run that systemctl daemon-reload as the output suggests.

The firewalld.service seems to be masked, so everything should be ok.


I do agree with Trevor that complete removal of FirewallD is the cleanest option.

The removal of firewall* on a CentOS 7 system probably removes:
firewall-applet, firewall-config, firewalld, firewalld-filesystem
and packages that require those, e.g.
anaconda-core, anaconda-gui, anaconda-tui, initial-setup, initial-setup-gui

The anaconda and initial-setup were used only on the initial install of the system, so it should be ok to remove firewalld.
Unless in your system some more important packages would get removed ...
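
Added example, not part of the thread: one way to do the "read what it's going to do" check mechanically, by listing any package in a yum removal transaction that is not on the list of expected removals given in the post above. The function names, the sample transaction text and the assumption of English-locale yum output are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): flag packages that a
# "yum remove firewall\*" transaction would remove beyond the expected ones.

# Removals the post above expects on a CentOS 7 system.
EXPECTED="firewall-applet firewall-config firewalld firewalld-filesystem"
EXPECTED="$EXPECTED anaconda-core anaconda-gui anaconda-tui"
EXPECTED="$EXPECTED initial-setup initial-setup-gui"

# Reads yum transaction text on stdin and prints one unexpected package
# name per line. Assumes English-locale yum output, where package rows sit
# under "Removing:" / "Removing for dependencies:" and start with one space.
unexpected_removals() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) ok[names[i]] = 1
        }
        /^Removing/            { in_list = 1; next }
        /^Transaction Summary/ { in_list = 0 }
        in_list && /^ [^ ]/    { if (!($1 in ok)) print $1 }
    '
}

# Constructed sample of a removal transaction. Versions, repository and
# sizes are placeholders, not real values.
sample_transaction() {
    cat <<'EOF'
Removing:
 firewalld              noarch  X.Y-Z  @repo  0 k
 firewalld-filesystem   noarch  X.Y-Z  @repo  0 k
Removing for dependencies:
 anaconda-core          x86_64  X.Y-Z  @repo  0 k
 fail2ban-firewalld     noarch  X.Y-Z  @repo  0 k

Transaction Summary
EOF
}

# On a real system, answer "no" automatically and inspect the result:
#   yum remove --assumeno 'firewall*' | unexpected_removals
```

An empty result means the transaction only touches the packages listed in the post; any name printed is one to look at before answering Y.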

yildizabdullah
Posts: 13
Joined: 2023/09/08 16:00:39

Re: Using Zones in Firewalld to Block Outbound Access

Post by yildizabdullah » 2023/09/14 18:03:41

jlehtone wrote:
2023/09/14 06:53:05
You could run that systemctl daemon-reload as the output suggests.

The firewalld.service seems to be masked, so everything should be ok.


I do agree with Trevor that complete removal of FirewallD is the cleanest option.

The removal of firewall* on a CentOS 7 system probably removes:
firewall-applet, firewall-config, firewalld, firewalld-filesystem
and packages that require those, e.g.
anaconda-core, anaconda-gui, anaconda-tui, initial-setup, initial-setup-gui

The anaconda and initial-setup were used only on the initial install of the system, so it should be ok to remove firewalld.
Unless in your system some more important packages would get removed ...
Thank you for your support.
