
Fedora 25: where is the firewall rule for sshd stored?

Hello all,

I've recently set up a Fedora 25 server and I installed the bind-chroot package.

I set up bind over ssh as many folks will.

The name server runs great, zones load, and it is working: the resolver on the server itself can query the local zone I set up, non-authoritative queries are forwarded to the upstream server and everything is copasetic, until I have another of my machines on my local network try to resolve a name.

The query times out, no servers can be reached. I sniffed the traffic with tcpdump, and the query makes it to the server, which promptly doesn't respond.

If I kill firewalld on the server (à la "systemctl stop firewalld") and then try the query from one of my other local machines again, it works wonderfully! AHA! Now I know it is the firewall just dropping the queries from server.

OK! Let us use firewall-cmd or iptables or whatever to see where the rule for SSHD is stored (because it is working "as packaged") and then explore how to add a rule for local net and DNS on port 53, right?

When I use firewall-cmd to explore existing zones and rules, there are none. Everything comes back "empty", even the "direct" iptables access.

OK, so where is the rule for sshd "stored", which I have used to configure the server since its inception?