|
|
Sponsored Content
Special Forums
Cybersecurity
help with firewall
Post 302347756 by fpmurphy on Wednesday 26th of August 2009 10:32:50 AM
08-26-2009
|
|
9 More Discussions You Might Find Interesting
1. Cybersecurity
Just out of curiosity, I see a lot of people here use Linux IPTables as their firewall.
Anyone here use something else like OpenBSD PF or *BSD IPF, IPFW?
I'm quite fond of OpenBSD and their Packet Filters. I find their syntax much easier to manage and from my personal experience, I find them... (5 Replies)
Discussion started by: tarballed
5 Replies
2. Cybersecurity
Would it be possible to restrict access to internet pages in the following way?
A machine:
IP = 128.1.17.123
Only pages from domains of the type "go.jp" and "ne.jp" are viewable. All others are not viewable or only partly viewable.
B machine:
IP = 128.1.17.146
Regardless of the domain... (4 Replies)
Discussion started by: mntamago
4 Replies
3. IP Networking
ON A LINUX NETWORK, HOW DO I ASSIGN IP ADDRESSES TO OTHER TERMINALS AND AFTER THAT HOW I CAN DENY/GRANT ACCESS TO TERMINALS ON A LAN TO MY TERMINAL.PLEASE SPECIFY THE EXACT COMMANDS.kINDLY HELP ME (3 Replies)
Discussion started by: ameya_shaligram
3 Replies
4. UNIX for Advanced & Expert Users
I have a PC with KUBUNTU installed on it and with 2NIC's on it (two PCI network 100Mbit cards). I want to use it as a server packet router and firewall between two computers with windows installed on them, each of this computer being connected to one different card on the KUBUNTU server. The... (1 Reply)
Discussion started by: meorfi
1 Replies
5. Homework & Coursework Questions
Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted!
1. The problem statement, all variables and given/known data:
produce a report containing an iptable firewall definition for a system requproduce a report containing an... (0 Replies)
Discussion started by: boabbyrab
0 Replies
6. AIX
:b:Hi,,
How do configure firewall in aix.. similar to linux iptable.
Rgards,
k.sumathi. (3 Replies)
Discussion started by: sumathi.k
3 Replies
7. SuSE
Is there a command line interface to the firewall? (4 Replies)
Discussion started by: jgt
4 Replies
8. Linux
Dear All
I have put my windows machine behind my centos firewall server with just one NIC. At now, the windows machine can ping 192.9.9.3 but cannot resolve valid url (like www.google.com). I have set DNS for it as well. Can you please let me know what is the missing step?
Thank you (6 Replies)
Discussion started by: hadimotamedi
6 Replies
9. Cybersecurity
Hey Guys,
I am looking for a good firewall software to implement in medium/large office, with at least 150 users.
I was hopping you guys could help me on this one.
Regards, (4 Replies)
Discussion started by: andrevicente
4 Replies
LEARN ABOUT CENTOS
firewalld.direct
FIREWALLD.DIRECT(5) firewalld.direct FIREWALLD.DIRECT(5) NAME
firewalld.direct - firewalld direct configuration file SYNOPSIS
/etc/firewalld/direct.xml DESCRIPTION
A firewalld direct configuration file contains the information about permanent direct chains and rules. These are the chains, rules and passthrough ... This is the structure of a direct configuration file: <?xml version="1.0" encoding="utf-8"?> <direct> [ <chain ipv="ipv4|ipv6" table="table" chain="chain"/> ] [ <rule ipv="ipv4|ipv6" table="table" chain="chain" priority="priority"> args </rule> ] [ <passthrough ipv="ipv4|ipv6"> args </passthrough> ] </direct> direct The mandatory direct start and end tag defines the direct. This tag can only be used once in a direct configuration file. There are no attributes for direct. chain Is an optional empty-element tag and can be used several times. It can be used to define names for additional chains. A chain entry has exactly three attributes: ipv="ipv4|ipv6" The IP family where the chain will be created. This can be either ipv4 or ipv6. table="table" The table name where the chain will be created. This can be one of the tables that can be used for iptables or ip6tables. For the possible values, please have a look at the TABLES section in the iptables man pages: For ipv="ipv4" in iptables(8), for ipv="ipv6" in ip6tables(8). chain="chain" The name of the chain, that will be created. Please make sure that there is no other chain with this name already. Please remember to add a rule or passthrough rule with an --jump or --goto option to connect the chain to another one. rule Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly four attributes: ipv="ipv4|ipv6" The IP family where the rule will be added. This can be either ipv4 or ipv6. table="table" The table name where the chain will be created. This can be one of the tables that casn be used for iptables or ip6tables. For the possible values, please have a look at the TABLES section in the iptables man pages: For ipv="ipv4" in iptables(8), for ipv="ipv6" in ip6tables(8). chain="chain" The name of the chain where the rule will be added. This can be either a built-in chain or a chain that has been created with the chain tag. priority="priority" The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following. The args can be any arguments of iptables or ip6tables, that do not conflict with the table or chain attributes. If the chain name is a built-in chain, then the rule will be added to chain_direct, else the supplied chain name is used. chain_direct is created internally for all built-in chains to make sure that the added rules do not conflict with the rules created by firewalld. passthrough Is an optional element tag and can be used several times. It can be used to add rules to a built-in or added chain. A rule entry has exactly one attribute: ipv="ipv4|ipv6" The IP family where the passthrough rule will be added. This can be either ipv4 or ipv6. The args can be any arguments of iptables or ip6tables. The passthrough rule will be added to the chain directly. There is no mechanism like for the direct rule above. The user of the passthrough rule has to make sure that there will be no conflict with the rules created by firewalld. EXAMPLE
Blacklisting of the networks 192.168.1.0/24 and 192.168.5.0/24 with logging and dropping early in the raw table: <?xml version="1.0" encoding="utf-8"?> <direct> <chain ipv="ipv4" table="raw" chain="blacklist"/> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-s 192.168.1.0/24 -j blacklist</rule> <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="1">-s 192.168.5.0/24 -j blacklist</rule> <rule ipv="ipv4" table="raw" chain="blacklist" priority="0">-m limit --limit 1/min -j LOG --log-prefix "blacklisted: "</rule> <rule ipv="ipv4" table="raw" chain="blacklist" priority="1">-j DROP</rule> </direct> SEE ALSO
firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5), firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5), firewalld.zones(5) NOTES
firewalld home page at fedorahosted.org: http://fedorahosted.org/firewalld/ More documentation with examples: http://fedoraproject.org/wiki/FirewallD AUTHORS
Thomas Woerner <twoerner@redhat.com> Developer Jiri Popelka <jpopelka@redhat.com> Developer firewalld 0.3.9 FIREWALLD.DIRECT(5)