Help with firewall settings to only allow http or bare necc.

Post by jxl1145 » 2014/10/19 03:16:34

Hello,

I would like some help with the Firewall GUI.
I've been looking through the security docs for RH and online, but before making changes and breaking something I would like advice.

I have a testing HOST machine.
I see there are several zone options built-in for the firewall GUI.

From the physical HOST machine I want to limit it to only needed services/ports.
Basically I need access to internet, and I need my host to be able to get security updates.

If I choose the public zone, as that is the current default, can someone tell me if it is as easy as just un-checking every tick box except http and everything will work fine?

I also am using KVM with 4 VMs for testing so I want to be sure I do not break these as well.

I want to run the KVMs as securely as possible so I do not know if I should use the virtual bridge/NIC from each VM through the host to get to internet, or I saw an option to do masquerading? I think I can use one of the VMs for masquerading or proxy to get to internet with all the VMs, can't I?

Thank You,

Lowry

Re: Help with firewall settings to only allow http or bare n

Post by Super Jamie » 2014/12/04 11:59:09

FirewallD is only for restricting incoming traffic into zones.

You can either write an iptables rule and insert it with firewall-cmd --direct, or turn firewalld off and go completely back to iptables.
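
The first option in the reply above, worked through as an added example that is not part of the original thread: an outbound allow-list for the host built from firewall-cmd --direct rules. The allowed set (loopback, replies, DNS, HTTP, HTTPS), the IPv4-only scope and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: egress allow-list for the host using firewalld direct rules.
# Assumptions: IPv4 only (IPv6 needs its own rule set); the host needs only
# DNS, HTTP and HTTPS outbound. Add lines for DHCP (udp 67) or NTP (udp 123)
# if the host uses them.
# Guest (VM) traffic is forwarded, not locally generated, so these OUTPUT
# rules do not filter it; that would need rules in the FORWARD chain.

# One rule per line: "<priority> <iptables args>". Lower priority sorts first.
egress_rules() {
    cat <<'EOF'
0 -o lo -j ACCEPT
1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2 -p udp --dport 53 -j ACCEPT
2 -p tcp --dport 53 -j ACCEPT
3 -p tcp --dport 80 -j ACCEPT
3 -p tcp --dport 443 -j ACCEPT
99 -j REJECT
EOF
}

# Turn the rule list into firewall-cmd invocations.
# $1 = "runtime" (dropped on reload, safe for testing) or "permanent".
egress_commands() {
    opt=""
    if [ "$1" = "permanent" ]; then opt="--permanent "; fi
    egress_rules | while read -r prio args; do
        printf '%s\n' "firewall-cmd ${opt}--direct --add-rule ipv4 filter OUTPUT $prio $args"
    done
}

# Print the commands by default; run as root with APPLY=1 to execute them.
apply_egress() {
    if [ "${APPLY:-0}" = "1" ]; then
        egress_commands "$1" | sh -e
    else
        egress_commands "$1"
    fi
}

apply_egress "${1:-runtime}"
```

Runtime rules disappear on firewall-cmd --reload, which makes them a safe first test; rules added with the permanent argument take effect after firewall-cmd --reload.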
