Code:
sudo ufw status verbose
Code:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
Code:
https://www.grc.com
I would like to reproduce this for my CentOS 8 based home computer. I have read a number of articles (please see citations, below) on configuring firewalld and have come up with the following procedure to get firewalld up and running for maximum protection:
1. Install the firewall, if necessary:
Code:
sudo yum install firewalld
Code:
sudo dnf install firewalld
2. Start the firewall:
Code:
sudo systemctl unmask firewalld
sudo systemctl start firewalld
Code:
sudo firewall-cmd --state
4. The default zone will likely be public:
Code:
sudo firewall-cmd --get-default-zone
Code:
sudo firewall-cmd --get-active-zones
6. I THINK I would like the default zone to be 'drop' to reproduce the UFW configuration, so I want to change the zone for eth0 to 'drop' permanently:
Code:
sudo firewall-cmd --set-default-zone=drop
Code:
systemctl enable firewalld
Code:
sudo firewall-cmd --state
9. The default zone SHOULD be 'drop':
Code:
sudo firewall-cmd --get-default-zone
Code:
firewall-cmd --list-all
Code:
drop
target: default
icmp-block-inversion: no
interfaces:
sources:
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Can you tell me if these steps are correct? Thank you very much for reading such a long question.
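Added example, not part of the original post: a shell check that reads `firewall-cmd --list-all` output on stdin and reports every field that would admit inbound traffic, so the final listing in the procedure above can be verified mechanically instead of by eye. The function name `audit_zone` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit `firewall-cmd --list-all`
# output, read on stdin, for anything that would admit inbound traffic.
audit_zone() {
    awk '
        function flag(msg) { print "FINDING: " msg; bad = 1 }
        !NF { next }                                  # skip blank lines
        zone == "" {                                  # first line names the zone
            zone = $1
            if (zone != "drop") flag("zone is " zone ", not drop")
            next
        }
        in_rich { sub(/^[ \t]+/, ""); flag("rich rule: " $0); next }
        {
            line = $0; sub(/^[ \t]+/, "", line)       # live output indents fields
            i = index(line, ":"); if (!i) next
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "rich rules") {                # rules follow one per line
                in_rich = 1
                if (val != "") flag("rich rule: " val)
                next
            }
            if (key == "masquerade" && val != "no") flag("masquerade = " val)
            if (key ~ /^(services|ports|protocols|forward-ports|source-ports)$/ && val != "")
                flag(key " = " val)
        }
        END { if (zone == "") flag("no zone listing on stdin"); exit bad + 0 }
    '
}

# Constructed sample: the empty drop-zone listing shown in the post.
sample_drop() {
    printf '%s\n' 'drop' '  target: default' '  icmp-block-inversion: no' \
        '  interfaces: ' '  sources: ' '  services: ' '  ports: ' \
        '  protocols: ' '  masquerade: no' '  forward-ports: ' \
        '  source-ports: ' '  icmp-blocks: ' '  rich rules: '
}

# Constructed sample: a zone that still accepts ssh and one TCP port.
sample_public() {
    printf '%s\n' 'public (active)' '  target: default' '  interfaces: eth0' \
        '  services: cockpit dhcpv6-client ssh' '  ports: 8080/tcp' \
        '  masquerade: no' '  rich rules: '
}

sample_drop | audit_zone && echo "drop sample: nothing open"
sample_public | audit_zone || echo "public sample: inbound openings found"
```

On a live system, pipe the real listing in with `sudo firewall-cmd --list-all | audit_zone`; a non-zero exit status means at least one finding was printed.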