Block all incoming connections via firewalld.

Support for security such as Firewalls and securing linux
hack3rcon
Posts: 710
Joined: 2014/11/24 11:04:37

Block all incoming connections via firewalld.

Post by hack3rcon » 2020/06/26 05:37:03

Hello,
I want to block all incoming connections via firewalld. I want my server to be able to reach the internet (outbound), but all incoming connections should be blocked.
My current configuration is:

Code:

$ sudo firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
Thank you.

jlehtone
Posts: 3180
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Block all incoming connections via firewalld.

Post by jlehtone » 2020/06/26 09:44:04

You use zone 'public'. Use zone 'block'.

hack3rcon
Posts: 710
Joined: 2014/11/24 11:04:37

Re: Block all incoming connections via firewalld.

Post by hack3rcon » 2020/06/26 10:57:27

Thank you.
Which "zone" is good for a web server?

jlehtone
Posts: 3180
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Block all incoming connections via firewalld.

Post by jlehtone » 2020/06/26 18:51:36

A zone that is configured to do exactly what it needs to do.

I don't recall any of the provided zones being for "web server".
You either modify an existing zone or create a new one.
For example, take the block zone and add the https service to that zone.
Or something like that.
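
Added example (not part of the original posts): a shell sketch of the approach suggested above. It audits `firewall-cmd --list-all` output against an allowlist and prints the commands that add https to the 'block' zone and move the interface there. The helper names are hypothetical; the interface name and sample output are taken from the first post.

```shell
#!/bin/sh
# Added example; all helper names below are hypothetical.
# Constructed sample: the `firewall-cmd --list-all` output from the first post.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: ens192
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp
  forward-ports:
  source-ports:
EOF
}

# zone_field KEY: read list-all output on stdin, print the value of "KEY: ...".
zone_field() {
    sed -n "s/^ *$1: *//p" | sed 's/ *$//'
}

# unexpected_inbound "ALLOWED ...": read list-all output on stdin and print
# every service or port the zone admits that is not in the allowlist.
unexpected_inbound() {
    allowed=" $1 "
    input=$(cat)
    for item in $(printf '%s\n' "$input" | zone_field services) \
                $(printf '%s\n' "$input" | zone_field ports); do
        case "$allowed" in
            *" $item "*) ;;                 # expected, stay quiet
            *) printf '%s\n' "$item" ;;     # admitted but not wanted
        esac
    done
}

# lockdown_plan IFACE SERVICE: print (not run) the commands that add SERVICE
# to the 'block' zone and bind IFACE to that zone. Run them as root to apply.
lockdown_plan() {
    printf 'firewall-cmd --permanent --zone=block --add-service=%s\n' "$2"
    printf 'firewall-cmd --permanent --zone=block --change-interface=%s\n' "$1"
    printf 'firewall-cmd --reload\n'
}

# Demo on the constructed sample; on a live host pipe in
# `firewall-cmd --zone=public --list-all` instead of sample_zone.
sample_zone | unexpected_inbound "https"
lockdown_plan ens192 https
```

The block zone ships with no services, so ssh is no longer admitted once the interface moves there; keep console access or add ssh to the zone as well.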
