Block all incoming traffic


Post by jasonjackal » 2015/09/03 13:33:08

Folks,
I am having a hard time grasping the concepts of 'firewalld' and the 'firewall-cmd' commands.

I want to block all 'in-bound' ports, and only poke inbound holes for what I need, and restrict them by source IP. I have read the following:

https://access.redhat.com/documentation ... walls.html

However, I am still lost at creating the '.xml' file in the '/etc/firewalld/service' location. What I would like to do is have an implicit deny-all rule .xml file in the '/etc/firewalld/server' location, and then have individual .xml files for services, such as 'ssh.xml', 'dns.xml', etc.

Looking for examples and/or recommended resources to get a better understanding of this concept.

Thank you
JJ


Re: Block all incoming traffic

Post by jasonjackal » 2015/09/03 14:59:28

Folks,
After hacking at this - the easiest method I can see is to add the interface to the 'drop' zone. This drops all inbound traffic, and specific holes can be punched in.
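
The approach from the post above (interface in the 'drop' zone, holes punched per service and source IP), written out as an added example that is not part of the original thread. The interface name, services and source addresses are constructed assumptions; the script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Default-drop inbound policy with firewalld: bind the interface to the
# built-in "drop" zone, then accept each service only from one source network.
# Interface, services and addresses are constructed sample values (assumptions).
IFACE=${IFACE:-eth0}
ALLOW=${ALLOW:-"ssh=192.0.2.10/32 dns=10.0.0.0/24"}   # service=source-CIDR pairs

# Succeed only for a well-formed IPv4 CIDR (a.b.c.d/len, octets <=255, len <=32).
valid_cidr() {
    case $1 in
        *[!0-9./]*|*/*/*|*..*|.*|*./*|*/|*.*.*.*.*|*/*.*) return 1 ;;
        *.*.*.*/*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs      # -> a b c d len
    [ "${#5}" -le 2 ] && [ "$5" -le 32 ] || return 1
    for octet in "$1" "$2" "$3" "$4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# rich_rule SERVICE CIDR: accept one service from one source only.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="%s" accept' "$2" "$1"
}

# Dry run by default (prints the command unquoted, for review); APPLY=1 runs it as root.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then firewall-cmd "$@"; else echo "firewall-cmd $*"; fi
}

apply_policy() {
    for pair in $ALLOW; do                 # validate everything before any change
        svc=${pair%%=*} src=${pair#*=}
        case $svc in ''|*[!a-z0-9-]*) echo "bad service: $pair" >&2; return 1 ;; esac
        valid_cidr "$src" || { echo "bad source: $pair" >&2; return 1; }
    done
    fw --permanent --zone=drop --change-interface="$IFACE" || return 1
    for pair in $ALLOW; do
        fw --permanent --zone=drop \
           --add-rich-rule="$(rich_rule "${pair%%=*}" "${pair#*=}")" || return 1
    done
    fw --reload && fw --zone=drop --list-all
}

apply_policy
```

When applying this over SSH, make sure the SSH source address in `ALLOW` covers the host you are connected from before the reload, since the 'drop' zone silently discards everything else.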
