|
|
Sponsored Content
Operating Systems
Linux
Red Hat
Firewalld - multiple services / sources?
Post 302999341 by hergp on Saturday 17th of June 2017 05:42:53 PM
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
hello,
i'm looking for the sources of the old, original unices (v3 preferred). could someone point a link? (2 Replies)
Discussion started by: fdarkangel
2 Replies
2. Linux
I"m installing my ATI card in FC4. I'm going off of instructions that i've found. The firs step says that i need my kernel sources which i've got then it says that i've gotta unpack them so i can make links to the file later. My kernel sources that i've got are .src.rpm I've installed them but... (1 Reply)
Discussion started by: byblyk
1 Replies
3. News, Links, Events and Announcements
So, I was browsing groklaw.net, and I was surprised to read that Pamela Jones was reading the copyright notices in the UnixWare 7.1.1 source code files...
Groklaw - Santa Cruz Listed Novell as Owning the Copyrights in 1999
How can that be? Are the UnixWare 7.1.1 sources available to the... (1 Reply)
Discussion started by: pepinox
1 Replies
4. UNIX for Dummies Questions & Answers
Hi all,
What is the difference between these two comands?
sed s/a/b/ <f1 >f2
sed s/a/b/ f1 >f2
Best,
santiagorf (3 Replies)
Discussion started by: santiagorf
3 Replies
5. Red Hat
I had a doubt if any services need to be restarted if port no in /etc/services in an RHEL setup is changed. For eg, the port no of 443 for SSL may need to be changed.
I hope my query is clear whether any services need to be restarted if port no in /etc/services is changed.
Please revert with... (10 Replies)
Discussion started by: RHCE
10 Replies
6. Shell Programming and Scripting
Hi,
I just started working on a script. After my research, i found a command which can help me:
AIM: To build a script which starts the services (Services 1) on server 1 automatically whenever its down. And it has a dependency on other service (Service 2) on Server 2.
So my script has to... (4 Replies)
Discussion started by: draghun9
4 Replies
7. SuSE
Hi,
What is the syntax to configure sntp client to have multiple time sources?
I tried to use the below syntax, but when the src1 is not reachable, the sntp does not even try to sync to src2:
# /usr/sbin/sntp -P no -r src1 src2
sntp: receive timed out after 3 seconds
sntp: receive timed... (0 Replies)
Discussion started by: Juha
0 Replies
8. Programming
I am working in IT company working for banks.I find hardly to get technology about bank IT on the internet.Consider banks all using Unix, I think I can get some help here.
Recommend some sits or books about bank IT will be very helpful!! (0 Replies)
Discussion started by: hhdzhu
0 Replies
9. Red Hat
New to firewalld, and having an issue trying to emulate my old iptable ruleset.
Server has one network interface, which I usually only allow SSH in from certain IPs, I know I can do this with rich rules but have read that this is sub-optimal.
So, I created a new zone, ABCinternal, added a... (8 Replies)
Discussion started by: fishface
8 Replies
LEARN ABOUT DEBIAN
shorewall6-nesting
SHOREWALL6-NESTING(5) [FIXME: manual] SHOREWALL6-NESTING(5) NAME
nesting - shorewall6 Nested Zones SYNOPSIS
child-zone[:parent-zone[,parent-zone]...] DESCRIPTION
In shorewall6-zones[1](5), a zone may be declared to be a sub-zone of one or more other zones using the above syntax. The child-zone may be neither the firewall zone nor a vserver zone. The firewall zone may not appear as a parent zone, although all vserver zones are handled as sub-zones of the firewall zone. Where zones are nested, the CONTINUE policy in shorewall6-policy[2](5) allows hosts that are within multiple zones to be managed under the rules of all of these zones. EXAMPLE
/etc/shorewall6/zones: #ZONE TYPE OPTION fw firewall net ipv6 sam:net ipv6 loc ipv6 /etc/shorewall6/interfaces: #ZONE INTERFACE BROADCAST OPTIONS - eth0 detect blacklist loc eth1 detect /etc/shorewall6/hosts: #ZONE HOST(S) OPTIONS net eth0:[::] sam eth0:[2001:19f0:feee::dead:beef:cafe] /etc/shorewall6/policy: #SOURCE DEST POLICY LOG LEVEL loc net ACCEPT sam all CONTINUE net all DROP info all all REJECT info The second entry above says that when Sam is the client, connection requests should first be processed under rules where the source zone is sam and if there is no match then the connection request should be treated under rules where the source zone is net. It is important that this policy be listed BEFORE the next policy (net to all). You can have this policy generated for you automatically by using the IMPLICIT_CONTINUE option in shorewall6.conf[3](5). Partial /etc/shorewall6/rules: #ACTION SOURCE DEST PROTO DEST PORT(S) ... ACCEPT sam loc:2001:19f0:feee::3 tcp ssh ACCEPT net loc:2001:19f0:feee::5 tcp www ... Given these two rules, Sam can connect with ssh to 2001:19f0:feee::3. Like all hosts in the net zone, Sam can connect to TCP port 80 on 2001:19f0:feee::5. The order of the rules is not significant. FILES
/etc/shorewall6/zones /etc/shorewall6/interfaces /etc/shorewall6/hosts /etc/shorewall6/policy /etc/shorewall6/rules SEE ALSO
shorewall6(8), shorewall6-accounting(5), shorewall6-actions(5), shorewall6-blacklist(5), shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5), shoewall6-netmap(5),shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5), shorewall6-rtrules(5), shorewall6-routestopped(5), shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tcrules(5), shorewall6-tos(5), shorewall6-tunnels(5), shorewall6-zones(5) NOTES
1. shorewall6-zones http://www.shorewall.net/manpages6/shorewall-zones.html 2. shorewall6-policy http://www.shorewall.net/manpages6/shorewall6-policy.html 3. shorewall6.conf http://www.shorewall.net/manpages6/shorewall6.conf.html [FIXME: source] 06/28/2012 SHOREWALL6-NESTING(5)