How can I close a port by "firewall-cmd"? Can "Disable" mean "close"? For example:
# firewall-cmd --permanent --disable-port=445/tcp.
Thank you.
hunter86_bg wrote: ↑2019/01/02 21:02:33
Everything is closed by default. Egress (outbound) connections are allowed by default and I'm not sure if firewalls support egress restrictions.

"Everything is closed by default." Do you mean inbound connections? Firewalls can't support blocking outbound connections?
jlehtone wrote: ↑2019/01/03 12:20:33
firewalld gives rules for kernel. You can peek what it did with:
iptables -S
iptables -t nat -S
iptables -t mangle -S
Yes, the default outbound rules are:
-P OUTPUT ACCEPT
-N OUTPUT_direct
-A OUTPUT -j OUTPUT_direct
That is "ACCEPT".
You can filter outgoing traffic with firewalld direct rules.

Thank you.
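
An added example, not part of the thread: a shell function that reads `iptables -S` output like the lines quoted above and reports whether outbound TCP traffic to a given port is open or blocked. It assumes the iptables backend, where firewalld places direct rules for OUTPUT in the OUTPUT_direct chain; the function name `egress_state` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the three OUTPUT lines quoted in the thread (default state).
DEFAULT_RULES='-P OUTPUT ACCEPT
-N OUTPUT_direct
-A OUTPUT -j OUTPUT_direct'

# Constructed sample: the same ruleset after a direct rule blocking outbound 445/tcp.
BLOCKED_RULES="$DEFAULT_RULES
-A OUTPUT_direct -p tcp -m tcp --dport 445 -j DROP"

# egress_state PORT (hypothetical helper): reads `iptables -S` output on stdin
# and prints "policy=<OUTPUT policy> port=<PORT> state=<open|blocked|unknown>".
# Limitation: only rules that name the TCP port via --dport are considered.
egress_state() {
    awk -v port="$1" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT_direct" {
            proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # iptables is first-match: keep only the first rule for this port.
            if (proto == "tcp" && dport == port && first == "") first = target
        }
        END {
            if (policy == "") policy = "unknown"
            if (first == "") first = policy   # no matching rule: chain policy decides
            state = (first == "DROP" || first == "REJECT") ? "blocked" \
                  : (first == "ACCEPT") ? "open" : "unknown"
            printf "policy=%s port=%s state=%s\n", policy, port, state
        }'
}

# On a live host (as root), feed it the real ruleset:
#   iptables -S | egress_state 445
# Adding the egress block itself with a firewalld direct rule:
#   firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp --dport 445 -j DROP
#   firewall-cmd --reload
#   firewall-cmd --direct --get-all-rules
```

With the default ruleset quoted in the thread, the function reports port 445 as open because the OUTPUT policy is ACCEPT and OUTPUT_direct is empty.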