Help with firewall settings to only allow http or bare necc.

[jxl1145]

Hello,

I would like some help with the Firewall GUI.
I've been looking through the security docs for RH and online but before making changes and breaking something I would like advice.

I have a testing HOST machine.
I see there are several zone options built-in for the firewall GUI.

From the physical HOST machine I want to limit it to only needed services/ports.
Basically I need access to internet, and I need my host to be able to get security updates.

If I choose the public zone , as that is the current default can someone tell me if it as easy as just un-checking every tick box except http and everything will work fine?

I also am using KVM with 4 VM's for testing so I want to be sure I do not break these as well.

I want to run the KVM's as securely as possible so I do not know if I should use the virtaul bridge/nic from each VM through the host to get to internet, or I saw option to do masquerading? I think I can use one of the VM for masquerading or proxy to get to internet with all the vm's can't I?

Thank You,

Lowry

[Super Jamie]

FirewallD is only for restricting incoming traffic into zones.

You can either write an iptables rule and insert it with firewall-cmd --direct, or turn firewalld off and go completely back to iptables.