On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
Hello all:
I am looking at the documentation of the new firewalld service in CentOS 7. It looks like no matter what I configure with it, outgoing connections are still going to be allowed. That does not seem very secure.
I always set my servers to default policy of DROP for everything incoming and outgoing and then add rules to allow very specific traffic through.
Is this possible using the new firewalld service or should I disable it and go back to using iptables?
Currently with firewalld it is not possible[1] to block outbound connections. You would need to revert back to iptables to get this behavior back. Please keep in mind that in CentOS 7, iptables is no longer just one package either.
[1] - https://lists.fedorahosted.org/pipermail/firewalld-users/2013-February/00005...