'Re: Firewalld is Active but no effect'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalld-users
Subject:    Re: Firewalld is Active but no effect
From:       David Forrest <mapleparkdevelopment () gmail ! com>
Date:       2015-12-29 14:16:01
Message-ID: CAGKhs9jU1PyfqTVRkoXV-9QX0eShtG6NOBh2EcZHqcYBKpfh6Q () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Your OP shows that firewalld is disabled.  see
https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/ for a nice
explanation.  Try enabling it.

Amicalement,
Dave
--
Maple Park Development
Linux Systems Integration
1224 DuBois
St. Louis MO 63122-5518
USA

Tel : 01-314-941-2496
Fax :01-866-542-7647
http://www.maplepark.com/
mapleparkdevelopment@gmail.com


Ce message et les pièces jointes sont confidentiels et réservés �  l'usage
exclusif de ses destinataires. Il peut également être protégé par le secret
professionnel. Si vous recevez ce message par erreur, merci d'en avertir
immédiatement l'expéditeur et de le détruire. L'intégrité du message ne
pouvant être assurée sur Internet, la responsabilité du groupe Parc de
l'érable ne pourra être recherchée quant au contenu de ce message. Bien que
les meilleurs efforts soient faits pour maintenir cette transmission
exempte de tout virus, l'expéditeur ne donne aucune garantie �  cet égard et
sa responsabilité ne saurait être recherchée pour tout dommage résultant
d'un virus transmis.

On Tue, Dec 29, 2015 at 6:40 AM, Thomas Woerner <twoerner@redhat.com> wrote:

> Hello,
>
>
> On 12/18/2015 06:06 PM, mail.mthakkar@gmail.com wrote:
>
>> On my server firewalld is active as below:
>>
>> # systemctl status firewalld
>> firewalld.service - firewalld - dynamic firewall daemon
>>     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
>>     Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h
>> ago
>>   Main PID: 16793 (firewalld)
>>     CGroup: /system.slice/firewalld.service
>>             └─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork
>> --nopid
>>
>> Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic
>> firewall daemon...
>> Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall
>> daemon.
>>
>> # firewall-cmd --list-all
>> public (default, active)
>>    interfaces: eth0
>>    sources:
>>    services: dhcpv6-client ssh
>>    ports:
>>    masquerade: no
>>    forward-ports:
>>    icmp-blocks:
>>    rich rules:
>>
>> But still traffic from all other services like http, mysql are coming in.
>> It is not getting blocked. It is looking like firewalld has no effect at
>> all.
>>
>> Server detail:
>> ==========
>> CentOS 7
>> kernel: 3.10.0-229.4.2.el7.x86_64
>> firewalld-0.3.9-14.el7.noarch
>>
>> Kindly advise.
>> _______________________________________________
>> firewalld-users mailing list
>> firewalld-users@lists.fedorahosted.org
>>
>> https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org
>>
>
> please attach the output of
> 1) iptables-save
> 2) ip6tables-save
> 3) firewall-cmd --list-all-zones
>
> Do you have trusted sources or interfaces?
> From where are you connecting to the services that are still accessible?
> Are you using IPv4 and/or IPv6?
>
> Regards,
> Thomas
>
> _______________________________________________
> firewalld-users mailing list
> firewalld-users@lists.fedorahosted.org
>
> https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org
>

[Attachment #5 (text/html)]

<div dir="ltr">Your OP shows that firewalld is disabled.   see  <a \
href="https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/">https://ma.ttias.be/enable-disable-service-at-boot-on-centos-7/</a> \
for a nice explanation.   Try enabling it.  </div><div class="gmail_extra"><br \
clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div>Amicalement,<br>Dave<br>--<br>Maple Park Development<br>Linux Systems \
Integration<br>1224 DuBois<br>St. Louis MO 63122-5518<br>USA<br><br>Tel : \
01-314-941-2496<br>Fax :01-866-542-7647<br><a href="http://www.maplepark.com/" \
target="_blank">http://www.maplepark.com/</a><br></div><a \
href="mailto:mapleparkdevelopment@gmail.com" \
target="_blank">mapleparkdevelopment@gmail.com</a><br><div>  <br><br>Ce message et \
les pièces jointes sont confidentiels et réservés �  l&#39;usage exclusif de ses \
destinataires. Il peut également être protégé par le secret professionnel. Si \
vous recevez ce message par erreur, merci d&#39;en avertir immédiatement \
l&#39;expéditeur et de le détruire. L&#39;intégrité du message ne pouvant être \
assurée sur Internet, la responsabilité du groupe Parc de l&#39;érable ne pourra \
être recherchée quant au contenu de ce message. Bien que les meilleurs efforts \
soient faits pour maintenir cette transmission exempte de tout virus, \
l&#39;expéditeur ne donne aucune garantie �  cet égard et sa responsabilité ne \
saurait être recherchée pour tout dommage résultant d&#39;un virus \
transmis.<br></div></div></div></div></div></div></div></div></div></div></div></div> \
<br><div class="gmail_quote">On Tue, Dec 29, 2015 at 6:40 AM, Thomas Woerner <span \
dir="ltr">&lt;<a href="mailto:twoerner@redhat.com" \
target="_blank">twoerner@redhat.com</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">Hello,<div><div class="h5"><br> <br>
On 12/18/2015 06:06 PM, <a href="mailto:mail.mthakkar@gmail.com" \
target="_blank">mail.mthakkar@gmail.com</a> wrote:<br> <blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"> On my server firewalld is active as below:<br>
<br>
# systemctl status firewalld<br>
firewalld.service - firewalld - dynamic firewall daemon<br>
      Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)<br>
      Active: active (running) since Thu 2015-12-17 02:04:09 CST; 1 day 8h ago<br>
   Main PID: 16793 (firewalld)<br>
      CGroup: /system.slice/firewalld.service<br>
                  └─16793 /usr/bin/python -Es /usr/sbin/firewalld --nofork \
--nopid<br> <br>
Dec 17 02:04:09 hostname systemd[1]: Starting firewalld - dynamic firewall \
                daemon...<br>
Dec 17 02:04:09 hostname systemd[1]: Started firewalld - dynamic firewall daemon.<br>
<br>
# firewall-cmd --list-all<br>
public (default, active)<br>
     interfaces: eth0<br>
     sources:<br>
     services: dhcpv6-client ssh<br>
     ports:<br>
     masquerade: no<br>
     forward-ports:<br>
     icmp-blocks:<br>
     rich rules:<br>
            <br>
But still traffic from all other services like http, mysql are coming in. It is not \
getting blocked. It is looking like firewalld has no effect at all.<br> <br>
Server detail:<br>
==========<br>
CentOS 7<br>
kernel: 3.10.0-229.4.2.el7.x86_64<br>
firewalld-0.3.9-14.el7.noarch<br>
<br>
Kindly advise.<br>
_______________________________________________<br>
firewalld-users mailing list<br>
<a href="mailto:firewalld-users@lists.fedorahosted.org" \
target="_blank">firewalld-users@lists.fedorahosted.org</a><br> <a \
href="https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org" \
rel="noreferrer" target="_blank">https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org</a><br>
 </blockquote>
<br></div></div>
please attach the output of<br>
1) iptables-save<br>
2) ip6tables-save<br>
3) firewall-cmd --list-all-zones<br>
<br>
Do you have trusted sources or interfaces?<br>
From where are you connecting to the services that are still accessible?<br>
Are you using IPv4 and/or IPv6?<br>
<br>
Regards,<br>
Thomas<div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
firewalld-users mailing list<br>
<a href="mailto:firewalld-users@lists.fedorahosted.org" \
target="_blank">firewalld-users@lists.fedorahosted.org</a><br> <a \
href="https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org" \
rel="noreferrer" target="_blank">https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org</a><br>
 </div></div></blockquote></div><br></div>



_______________________________________________
firewalld-users mailing list
firewalld-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/firewalld-users@lists.fedorahosted.org


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic