Thread: Setting up secure firewalls

  1. #1
    Join Date
    Jul 2012
    Location
    SuperUserLand
    Posts
    535

    Setting up secure firewalls

    So I have been messing around with firewalld in fedora and a few iptable frontends in ubuntu...


    but


    I still haven't found a way to restrict traffic just the way I like: only allowing outgoing connections from ports 80 and 443.


    not only that what I really like is interactive firewalls that flag every single process that tries to establish a connection.

    Is there anything like that in the linux ecosystem?

    firewallbuilder just confused the shit out of me and UGFW doesn't allow whitelisting only blacklisting.


    Fedora's firewall seems good but even when I deselect all services and reject icmp I don't really know how to restrict it to ports 80 and 443

  2. #2
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,994

    Quote Originally Posted by Pallidus
    firewallbuilder just confused the shit out of me and UGFW doesn't allow whitelisting only blacklisting.

    Fedora's firewall seems good but even when I deselect all services and reject icmp I don't really know how to restrict it to ports 80 and 443
    This translates to
    "The GUIs won't let me do what I want"

    The solution
    man iptables


    This post brought to you in writing style very similar to that of Pallidus

  3. #3
    Join Date
    Jul 2012
    Location
    SuperUserLand
    Posts
    535

    Where can I find a list of console codes I can copy and paste to configure iptables


    ????

  4. #4
    Join Date
    Jul 2009
    Location
    Germany
    Posts
    480

    Quote Originally Posted by Pallidus
    Where can I find a list of console codes I can copy and paste to configure iptables


    ????
    If you care about security you shouldn't just paste commands you don't understand from the internet in your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.

  5. #5
    Join Date
    Feb 2008
    Location
    Linuxland
    Posts
    4,994

    In "man iptables". Perhaps you didn't read my post

  6. #6
    Join Date
    Jul 2012
    Location
    SuperUserLand
    Posts
    535

    Quote Originally Posted by droste
    If you care about security you shouldn't just paste commands you don't understand from the internet in your terminal ;-) AFAIK Fedora has the iptables setup in a way where everything is blocked. If you only want 80 and 443 you just have to whitelist ("trusted service") these ports with 'system-config-firewall'.

    this is what I don't get:


    in firewalld they show you a bunch of services and say "tick the services that you want so they are available everywhere etc etc"

    now I untick ssh and mdns and the like

    actually I untick everything, including http and https


    and firefox still works


    ???????????


    shouldn't I, by unticking http and https not be able to block them? or do they mean https as a server?

  7. #7
    Join Date
    Jul 2012
    Location
    SuperUserLand
    Posts
    535


    see here it is unticked and firefox is still working

    is Fedora's firewalld broken?
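
The thread leaves the question from posts #6 and #7 open: the service checkboxes in firewalld describe inbound services this machine offers, so unticking http/https does not stop a browser's outgoing connections. The following is an added example, not part of any post, of an iptables-restore ruleset that does restrict outgoing traffic. It assumes "ports 80 and 443" means TCP destination ports and that DNS on port 53 must stay reachable; `egress_ruleset` and `ALLOWED_TCP_PORTS` are hypothetical names.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset and changes nothing by itself.
# Assumption: "ports 80 and 443" means TCP *destination* ports of outgoing connections.
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-80 443}"

egress_ruleset() {
    # Validate every port before printing, so a bad value never yields a partial ruleset.
    for port in $ALLOWED_TCP_PORTS; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    cat <<'EOF'
*filter
# Default-deny in every direction, including outgoing traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Local inter-process traffic over loopback.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets that belong to connections this host was allowed to open.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Name resolution; without it a browser fails before it ever reaches port 80 or 443.
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# New outgoing connections, allowed only to the listed destination ports.
EOF
    for port in $ALLOWED_TCP_PORTS; do
        printf '%s\n' "-A OUTPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<'EOF'
# Everything else is logged with the owning user id, then hits the DROP policy.
-A OUTPUT -j LOG --log-prefix "egress-drop: " --log-uid
COMMIT
EOF
}

egress_ruleset
```

Check the output as root with `egress_ruleset | iptables-restore --test` before loading it. Loading it replaces the whole IPv4 filter table, so it conflicts with a running firewalld, and IPv6 needs the same rules through `ip6tables-restore`.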
