Hi guys,
I'm configuring firewalld for outgoing packets.
My chain looks like this:
Chain OUTPUT_direct (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 87.250.250.242 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 87.250.250.242 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 217.69.139.200 tcp dpt:80
4 ACCEPT tcp -- 0.0.0.0/0 217.69.139.200 tcp dpt:443
5 ACCEPT tcp -- 0.0.0.0/0 94.100.180.201 tcp dpt:443
6 ACCEPT tcp -- 0.0.0.0/0 217.69.139.201 tcp dpt:443
7 ACCEPT tcp -- 0.0.0.0/0 94.100.180.200 tcp dpt:443
8 ACCEPT tcp -- 0.0.0.0/0 94.100.180.201 tcp dpt:80
9 ACCEPT tcp -- 0.0.0.0/0 217.69.139.201 tcp dpt:80
10 ACCEPT tcp -- 0.0.0.0/0 94.100.180.200 tcp dpt:80
and when I add the rule
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j DROP
I have
Chain OUTPUT_direct (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 87.250.250.242 tcp dpt:80
2 ACCEPT tcp -- 0.0.0.0/0 87.250.250.242 tcp dpt:443
3 ACCEPT tcp -- 0.0.0.0/0 217.69.139.200 tcp dpt:80
4 ACCEPT tcp -- 0.0.0.0/0 217.69.139.200 tcp dpt:443
5 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 94.100.180.201 tcp dpt:443
7 ACCEPT tcp -- 0.0.0.0/0 217.69.139.201 tcp dpt:443
8 ACCEPT tcp -- 0.0.0.0/0 94.100.180.200 tcp dpt:443
9 ACCEPT tcp -- 0.0.0.0/0 94.100.180.201 tcp dpt:80
10 ACCEPT tcp -- 0.0.0.0/0 217.69.139.201 tcp dpt:80
11 ACCEPT tcp -- 0.0.0.0/0 94.100.180.200 tcp dpt:80
Why was this rule added in the middle of the chain?
Maybe the firewall has something like iptables line numbers?
P.S.
Of course, tonight I will read http://www.firewalld.org/documentation/
Thank you
firewalld rule "line numbers"
Re: firewalld rule "line numbers"
Thanks to all.
I'm very stupid!
Very very stupid!
I tested the rule
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j DROP
and I noticed this number
filter OUTPUT 1
I changed this number to 1000 and got the result!
Thanks for all!
firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1000 -p tcp -m tcp --dport 80 -j DROP
Note that I added this rule first, and then I added the other rules.
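Added example, not part of the original posts: firewalld places direct rules in the chain by the priority argument that follows the chain name (lowest first), not by the order in which they were added. The Python sketch below takes lines in the format printed by `firewall-cmd --direct --get-all-rules`, orders them by priority, and reports ACCEPT rules that sit at or after a broader DROP/REJECT. The priorities on the ACCEPT rules in the sample are constructed, since the thread does not show them, and the match only compares `-d` and `--dport`.

```python
import shlex
from typing import NamedTuple, Optional

class DirectRule(NamedTuple):
    chain: str
    priority: int
    dest: Optional[str]    # None means "any destination"
    dport: Optional[str]   # None means "any port"
    target: str

def parse_rule(line):
    # Line format: <family> <table> <chain> <priority> <iptables args...>
    tok = shlex.split(line)
    args = tok[4:]
    def opt(*names):
        for name in names:
            if name in args:
                return args[args.index(name) + 1]
        return None
    return DirectRule(tok[2], int(tok[3]), opt("-d", "--destination"),
                      opt("--dport"), opt("-j", "--jump"))

def chain_order(lines, chain="OUTPUT"):
    rules = [parse_rule(l) for l in lines if l.strip()]
    # Lower priority lands nearer the top of the chain. firewalld does not
    # guarantee the order of rules that share a priority; ties keep input order here.
    return sorted((r for r in rules if r.chain == chain), key=lambda r: r.priority)

def covers(blocker, rule):
    # Simplification (assumption): only destination and port are compared.
    return (blocker.dest in (None, rule.dest)
            and blocker.dport in (None, rule.dport))

def shadowed(lines, chain="OUTPUT"):
    """Return (accept_rule, blocking_rule) pairs where the blocker matches first,
    or shares the priority so the order is not guaranteed."""
    ordered = chain_order(lines, chain)
    hits = []
    for r in (x for x in ordered if x.target == "ACCEPT"):
        for b in ordered:
            if (b.target in ("DROP", "REJECT") and b.priority <= r.priority
                    and covers(b, r)):
                hits.append((r, b))
                break
    return hits

# Constructed sample: addresses from the thread, ACCEPT priorities assumed.
SAMPLE = """\
ipv4 filter OUTPUT 0 -p tcp -m tcp -d 87.250.250.242 --dport 80 -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 80 -j DROP
ipv4 filter OUTPUT 2 -p tcp -m tcp -d 94.100.180.201 --dport 80 -j ACCEPT
ipv4 filter OUTPUT 2 -p tcp -m tcp -d 94.100.180.201 --dport 443 -j ACCEPT
"""

if __name__ == "__main__":
    for rule, blocker in shadowed(SAMPLE.splitlines()):
        print(f"{rule.dest}:{rule.dport} ACCEPT (prio {rule.priority}) "
              f"is behind {blocker.target} (prio {blocker.priority})")
```

With the DROP at priority 1000 instead of 1, the same check reports nothing, which matches the fix described in the reply.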