Firewalld Setup for Home based Computer
Posted: 2020/11/26 05:55:55
I am wanting to use CentOS 8 for a home based computer (since CentOS 7 has been very stable for me on a non-networked computer) that will use the usual software like Firefox, software updates etc. Understanding iptables is well beyond my amateur ability to understand. Coming from an Ubuntu networked world I have been using UFW (Uncomplicated Firewall). With the command:

    sudo ufw status verbose

I get the following response:

    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

Which I have checked with the Shields Up! website at:

    https://www.grc.com

and have 'achieved a perfect TruStealth rating' with no response from any port.

I would like to reproduce this for my CentOS 8 based home computer. I have read a number of articles (please see citations, below) on configuring firewalld and have come up with the following procedure to get firewalld up and running for maximum protection:

1. Install the firewall, if necessary:

    sudo yum install firewalld

(or should it be:

    sudo dnf install firewalld

?)

2. Start the firewall:

    sudo systemctl unmask firewalld
    sudo systemctl start firewalld

3. Test firewall is running:

    sudo firewall-cmd --state

I should get back 'running'

4. The default zone will likely be public:

    sudo firewall-cmd --get-default-zone

5. List the interfaces that are controlled by the zone:

    sudo firewall-cmd --get-active-zones

(assume it returns eth0, my network card)

6. I THINK I would like the default zone to be 'drop' to reproduce the UFW configuration, so I want to change the zone for eth0 to 'drop' permanently:

    sudo firewall-cmd --set-default-zone=drop

7. Enable the firewall on system reboot:

    systemctl enable firewalld

8. Reboot the system and test firewall is running:

    sudo firewall-cmd --state

I should get back 'running'

9. The default zone SHOULD be 'drop':

    sudo firewall-cmd --get-default-zone

10. The details of the default zone 'drop' are shown with:

    firewall-cmd --list-all

And I assume will show this (adapted from the home zone output given by DigitalOcean):

    drop
      target: default
      icmp-block-inversion: no
      interfaces:
      sources:
      services:
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

I would like to test this on a live CentOS 7 version before committing to CentOS 8 to my hard drive, but I'm assuming these commands would not differ between version 7 and 8.

Can you tell me if these steps are correct? Thank you very much for reading such a long question.
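
The check in steps 9 and 10 can be done mechanically rather than by eye. The script below is an added example, not part of the original post: it reads `firewall-cmd --list-all` text and reports anything that keeps the zone from being a deny-all-incoming zone with an interface attached. The function names and both sample listings are constructed for illustration, and it assumes firewalld's stock drop zone, whose target is DROP.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `firewall-cmd --list-all`
# text on stdin, prints one finding per line, returns 0 only if there are none.
# Assumes continuation lines (rich rules, forward ports) start with a tab.
audit_zone() {
    findings=$(awk -v want="${1:-drop}" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NR == 1 { if ($1 != want) print "zone is " $1 ", expected " want; next }
        /^\t/ { print last " entry present: " trim($0); next }
        {
            i = index($0, ":"); if (i == 0) next
            key = last = trim(substr($0, 1, i - 1)); val = trim(substr($0, i + 1))
            if (key == "target" && val != "DROP")
                print "target is " val ", expected DROP"
            else if (key == "interfaces" && val == "")
                print "no interface is bound to this zone"
            else if (key == "masquerade" && val != "no")
                print "masquerade is " val
            else if (key ~ /^(services|ports|protocols|forward-ports|source-ports)$/ && val != "")
                print key " not empty: " val
        }')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
# Constructed sample: the listing a locked-down drop zone is expected to give.
sample_locked() {
    cat <<'EOF'
drop (active)
  target: DROP
  interfaces: eth0
  services:
  ports:
  masquerade: no
  rich rules:
EOF
}
# Constructed sample: a public zone that still exposes services and a port.
sample_open() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp
EOF
}
sample_open | audit_zone drop || echo "zone is not locked down"
```

On a live system the listing comes from the firewall itself: `sudo firewall-cmd --list-all | audit_zone drop`.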