How to set up recommended firewall rules for a basic desktop system?

Support for security such as Firewalls and securing linux
CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

How to set up recommended firewall rules for a basic desktop system?

Post by CNoob » 2018/03/23 12:35:14

I am new to Linux and CentOS 7. I have installed the latest CentOS 7 as a minimal install with KDE.
Currently (for testing) I use VirtualBox under Windows 7 to install CentOS 7. Later it will be installed correctly without VirtualBox.
Later I want to use the Thunderbird email client.
I want to have a secure desktop system (as much as possible) for me as a private person.

Please can anyone help me to set up firewalld to allow only the most necessary connections?
Thank you.

Currently I want to set up these rules:

Code:

##################
# Rules
##################

# IPv4 defaults
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT

# Allow traffic on the loopback interface
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# Allow ICMP reply packets
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT
$IPTABLES -A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT

# Accept all packets belonging to an established TCP connection
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Reject all other packets cleanly
$IPTABLES -A INPUT -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -j REJECT --reject-with icmp-port-unreachable

How can I set up these rules in firewalld? Is it possible with the GUI firewall-config?
How can I disable IPv6 generally?
How do I log all outgoing connections?

Is anything missing? Or any suggestions?
Last edited by CNoob on 2018/03/23 14:31:24, edited 6 times in total.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: recommended firewall settings for a basic desktop system?

Post by TrevorH » 2018/03/23 12:46:12

Yes. Do not use iptables to do anything other than look at the running rules if you run firewalld. Firewalld wants to control the rules and "knows" how they should be and will undo any manual changes you make with the iptables command. Use firewall-cmd to amend firewalld rules. Do not use iptables if you run firewalld.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

CNoob
Posts: 28
Joined: 2018/03/17 15:43:08

Re: recommended firewall settings for a basic desktop system?

Post by CNoob » 2018/03/23 12:54:41

Thank you for this hint.
But I still need rules for firewalld.
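
The iptables policy from the first post expressed with firewall-cmd, as an added example that is not part of the thread or any poster's own configuration. It assumes the default zone is `public` with the stock `ssh` and `dhcpv6-client` services enabled; the `fw` and `desktop_rules` helper names and the `OUT-NEW:` log prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: default zone "public"
# with the stock ssh and dhcpv6-client services; "OUT-NEW:" is a
# constructed log prefix. firewalld already accepts loopback and
# ESTABLISHED,RELATED traffic and rejects unmatched inbound packets in this
# zone, so those iptables lines need no firewalld rule.
# Dry run by default: prints the commands. Run as root with APPLY=1 to execute.

ZONE="${ZONE:-public}"

# Execute firewall-cmd when APPLY=1, otherwise only print the command line.
fw() {
  if [ "${APPLY:-0}" = 1 ]; then
    firewall-cmd "$@"
  else
    echo "firewall-cmd $*"
  fi
}

desktop_rules() {
  # A desktop offers no inbound services: close what the zone opens.
  fw --permanent --zone="$ZONE" --remove-service=ssh
  fw --permanent --zone="$ZONE" --remove-service=dhcpv6-client
  # Log every new outgoing IPv4 connection (kernel log). Direct rules are
  # passed through to iptables; add an ipv6 twin if IPv6 stays enabled.
  fw --permanent --direct --add-rule ipv4 filter OUTPUT 0 \
    -m conntrack --ctstate NEW -j LOG --log-prefix OUT-NEW:
  # Load the permanent configuration, then show the resulting zone.
  fw --reload
  fw --zone="$ZONE" --list-all
}

desktop_rules
```

The LOG entries go to the kernel log, which `journalctl -k` displays.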
