how to configure firewalld for internal and external ports

gurutech
Posts: 60
Joined: 2014/07/09 01:35:35

how to configure firewalld for internal and external ports

Post by gurutech » 2014/09/15 21:28:23

I have several applications running on my C7 box, and some of them are "internal only", meaning that they are (or should be) accessible only from my internal network, while others are "external", where they are accessible from the internet.

Question is: how can I configure the firewalld service to allow me to configure the "external" firewall with the ports of the external applications, but use the "internal" firewall for the internal applications, so they cannot be accessed from the outside? I currently have them in the "external" list, which I know is bad, but that was the only way I could get the apps to be accessible, even from the internal network.

I do have the internal apps configured to only allow connections from the local LAN, so I know no one from the outside can actually log in to the apps, but I want to make sure they can't even connect.

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: how to configure firewalld for internal and external por

Post by gerald_clark » 2014/09/15 21:34:42

You only port forward on the internet facing router those ports you want accessible from the internet.

gurutech
Posts: 60
Joined: 2014/07/09 01:35:35

Re: how to configure firewalld for internal and external por

Post by gurutech » 2014/09/15 23:39:41

This isn't port forwarding. I know that's done on the router.

I'm talking just opening ports on the firewall (iptables).

There are options for internal, external, home, public, trusted, work, drop, dmz, and block (they are called "zones" within the configuration app).

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

Re: how to configure firewalld for internal and external por

Post by gerald_clark » 2014/09/16 00:39:27

https://access.redhat.com/documentation ... walls.html

An interface is assigned to a zone.
Unless you have multiple interfaces on your machine, stick to properly configuring your edge router.
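As an added example, not part of any post in this thread, the script below puts the zone-binding point into practice for the original poster's case: firewalld filters traffic with a zone only if something is bound to that zone, either an interface (`--change-interface`) or, on a host with a single NIC, a source network (`--add-source`). A port opened in a zone that nothing is bound to is simply never reached, which is why the apps only became reachable once they were placed in the zone holding the real interface. The interface names, LAN range, services and ports are hypothetical placeholders. The script prints the planned `firewall-cmd` invocations, refuses a plan that opens an internal port in the external zone, and only executes when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the thread): split a CentOS 7 host's services between
# firewalld's "external" and "internal" zones so the internal apps are reachable
# from the LAN only.  All values below are hypothetical placeholders.

WAN_IF="eth0"                       # internet-facing interface (assumed)
LAN_IF=""                           # set to e.g. "eth1" if the LAN has its own NIC
LAN_NET="192.168.1.0/24"            # internal network (assumed)
EXTERNAL_SERVICES="ssh http"        # reachable from the internet
INTERNAL_PORTS="8080/tcp 5432/tcp"  # reachable from the LAN only

# plan_zones: print one firewall-cmd invocation per line; nothing is executed.
plan_zones() {
    # External zone: bound to the WAN interface, opens only what the internet needs.
    echo "firewall-cmd --permanent --zone=external --change-interface=$WAN_IF"
    for s in $EXTERNAL_SERVICES; do
        echo "firewall-cmd --permanent --zone=external --add-service=$s"
    done

    # Internal zone: bound to the LAN by source network (and by interface when
    # there is a second NIC), so the ports below are not reachable from the WAN.
    echo "firewall-cmd --permanent --zone=internal --add-source=$LAN_NET"
    if [ -n "$LAN_IF" ]; then
        echo "firewall-cmd --permanent --zone=internal --change-interface=$LAN_IF"
    fi
    for p in $INTERNAL_PORTS; do
        echo "firewall-cmd --permanent --zone=internal --add-port=$p"
    done

    # --permanent rules are only written to disk; a reload activates them.
    echo "firewall-cmd --reload"
}

# check_no_leak: exit 0 only if no internal port is opened in the external zone,
# which is the misconfiguration the original poster describes.
check_no_leak() {
    plan_zones | awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " ") }
        /--zone=external/ {
            for (i = 1; i <= n; i++)
                if (index($0, "--add-port=" p[i])) leaked = 1
        }
        END { exit leaked + 0 }'
}

# apply_plan: run the plan for real.  Needs root and a running firewalld.
apply_plan() {
    plan_zones | while IFS= read -r cmd; do
        sh -c "$cmd" || exit 1
    done
}

# Show the plan, refuse an unsafe one, and apply only when APPLY=1 is set.
plan_zones
if ! check_no_leak; then
    echo "refusing: an internal port would be opened in the external zone" >&2
    exit 1
fi
if [ "${APPLY:-0}" = "1" ]; then
    apply_plan
fi
```

Run it once without `APPLY` to review the generated commands, then `APPLY=1 sh apply_zones.sh` as root. Afterwards `firewall-cmd --get-active-zones` shows which interface and source each zone is bound to, and `firewall-cmd --zone=external --list-all` confirms the internal ports do not appear there.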
