
Question on FirewallD and Packages (DNF)

asked 2015-05-16 15:14:41 -0500

codemonkeyrawks

I am using firewall-cmd on Fedora 21 and wanted to know if there was a way to block everything inbound and outbound except for one port, like port 500 inbound. Is there also a way I can check to see what's listening inbound and outbound?

Block All Incoming: Except port 500
Block All Outgoing

My other question is: can I get a list of group packages that get installed, for example if I am installing the Security Suite using DNF?


Comments

Hello masteroman,

Is there a way I can block outgoing traffic and shut it down as well using firewall-cmd?

Thanks for the information.

codemonkeyrawks ( 2015-05-17 09:12:57 -0500 )

1 Answer


answered 2015-05-16 16:14:53 -0500

masteroman

You can list package groups with the command:

dnf grouplist

And install a specific group with the command:

dnf groupinstall "Group name"

There is a default zone in firewalld called "drop", which blocks all incoming traffic. You can switch to it with:

firewall-cmd --set-default-zone=drop
firewall-cmd --reload

To allow traffic on port 500 via firewall-cmd, you'll need to issue the following commands:

firewall-cmd --permanent --add-port=500/tcp
firewall-cmd --reload

To list programs that are "listening" on some port, you can use the command:

netstat -plnt

Which will list all programs listening for TCP connections and list their numerical addresses, as described in man 8 netstat:

--numeric, -n Show numerical addresses instead of trying to determine symbolic host, port or user names.

-p, --program Show the PID and name of the program to which each socket belongs.

-l, --listening Show only listening sockets. (These are omitted by default.)

[--tcp|-t]


Comments

Hello masteroman,

Is there a way I can block outgoing traffic and shut it down as well using firewall-cmd?

Thanks for the information.

codemonkeyrawks ( 2015-05-17 09:12:29 -0500 )

It looks like that behaviour is not supported in firewallD yet :-/ You can correct me if I'm wrong but I believe you may need to revert to IPtables to use that feature. To do that you'll need to install iptables-services and start/enable iptables.service and ip6tables.service.

masteroman ( 2015-05-17 14:40:57 -0500 )
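
Added example (not part of the original answer or comments): a shell function that reads `netstat -plnt` output, as used in the answer above, and reports TCP listeners bound to non-loopback addresses whose ports are not among those opened in firewalld. The function name `unexpected_listeners`, the sample output and the program name `exampled` are constructed for illustration.

```bash
#!/bin/bash
# Constructed sample of `netstat -plnt` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp        0      0 0.0.0.0:500             0.0.0.0:*               LISTEN      1200/exampled
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      901/cupsd
EOF
}

# unexpected_listeners "PORT PORT ..."   (hypothetical helper name)
# Reads `netstat -plnt` output on stdin and prints "port program" once for
# every TCP listener that is bound to a non-loopback address and whose port
# is not in the space-separated allow-list given as the first argument.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # port follows the last colon (IPv4 and IPv6)
            host = $4; sub(/:[0-9]+$/, "", host)  # everything before the port
            if (host ~ /^127\./ || host == "::1") next   # loopback-only listener
            if (port in ok) next                          # port is intentionally open
            prog = $7; sub(/^[0-9]+\//, "", prog)         # strip the PID, keep the name
            key = port " " prog
            if (!(key in seen)) { seen[key] = 1; print key }  # tcp and tcp6 reported once
        }'
}

# On a live system (run as root so -p can show program names):
#   netstat -plnt | unexpected_listeners "500"
```

Anything this prints is a service that is listening on an external interface but that the firewall policy does not intend to expose, which makes it a candidate for disabling or rebinding to loopback.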


Stats

Asked: 2015-05-16 15:14:41 -0500

Seen: 415 times

Last updated: May 16 '15