On Sat, Aug 9, 2014 at 8:44 AM, Jim Perrin jperrin@centos.org wrote:
On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7. It looks like no matter what I configure with it, outgoing connections are still going to be allowed. That does not seem very secure.
I always set my servers to default policy of DROP for everything incoming and outgoing and then add rules to allow very specific traffic through.
Is this possible using the new firewalld service or should I disable it and go back to using iptables?
Currently with firewalld it is not possible[1] to block outbound connections. You would need to revert back to iptables to get this behavior back. Please keep in mind that in CentOS 7, iptables is no longer just one package either.
[1] - https://lists.fedorahosted.org/pipermail/firewalld-users/2013-February/00005...
-- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77 _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I thought we were supposed to be moving forward, *shakeshead*, not being able to block all outbound traffic except for what you have called out seems really short sighted and moving us in the wrong direction. With all that is going on today I don't need things to be *less* secure, geez.