
Block all incoming connections via firewalld.

Posted: 2020/06/26 05:37:03
by hack3rcon
Hello,
I want to block all incoming connections via firewalld. I want my server to see the internet (outbound) but have all incoming connections blocked.
My current configuration is:

Code:

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
Thank you.

Re: Block all incoming connections via firewalld.

Posted: 2020/06/26 09:44:04
by jlehtone
You use zone 'public'. Use zone 'block'.

Re: Block all incoming connections via firewalld.

Posted: 2020/06/26 10:57:27
by hack3rcon
Thank you.
Which "zone" is good for a web server?

Re: Block all incoming connections via firewalld.

Posted: 2020/06/26 18:51:36
by jlehtone
A zone that is configured to do exactly what it needs to do.

I don't recall any of the provided zones being for "web server".
You either modify an existing zone or create a new one.
For example, take the block zone and add the https service to that zone.
Or something like that.
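
The suggestion in the last reply (take the block zone and add the https service), written out as a shell sketch. This is an added example, not something posted in the thread; the function names `fw`, `lock_down` and `exposed_inbound` are made up here, and the interface name is the one from the first post. It only prints the commands unless run with `APPLY=1` as root; if the server is administered over SSH, pass `ssh` as well or the reload cuts the session.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default:
# set APPLY=1 and run as root to actually change the firewall.

# Run, or just print, one firewall-cmd invocation.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd "$@"
    else
        echo "firewall-cmd $*"
    fi
}

# Move an interface into the 'block' zone and open only the named services.
# All other inbound connections are rejected; outbound traffic and the
# replies to it are not affected.
lock_down() {
    iface=$1; shift
    for svc in "$@"; do
        fw --permanent --zone=block --add-service="$svc"
    done
    fw --permanent --zone=block --change-interface="$iface"
    fw --reload
}

# Read `firewall-cmd --list-all` output on stdin and print everything that
# is still allowed inbound (the services: and ports: lines) on one line.
exposed_inbound() {
    awk '$1 == "services:" || $1 == "ports:" {
             for (i = 2; i <= NF; i++) { printf "%s%s", sep, $i; sep = " " }
         }
         END { print "" }'
}

# Constructed sample: the relevant lines of the output quoted in the first post.
SAMPLE='public (active)
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp
  source-ports: '

echo "currently exposed: $(printf '%s\n' "$SAMPLE" | exposed_inbound)"
lock_down ens192 https
```

After applying, `sudo firewall-cmd --zone=block --list-all | exposed_inbound` should print only `https`.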