[CentOS] firewall?

Ljubomir Ljubojevic office at plnet.rs
Sat Jul 16 22:02:24 UTC 2011


Markus Falb wrote:
> On 16.7.2011 19:37, Ljubomir Ljubojevic wrote:
>> Markus Falb wrote:
>>> On 16.7.2011 19:03, Ljubomir Ljubojevic wrote:
>>>
>>>> All firewalls (on Linux at least) are by default closed, and you need 
>>>> knowledge to punch through the holes for your public services.
>>> This is complete nonsense! You are free to configure a default policy of
>>> accept and forbid only selected services.
>>>
>> Please do not pull sentences out of context. Keith wrote:
>>
>>  > Which is why one poster mentioned that you need to be
>>  > familiar with IPtables and Networking before trying to make
>>  > your machine(s) network(s) secure?
>>
>> and I replied in the sense that he only needs to turn his firewall ON to 
>> be secure. "by default" means exactly that, I was not writing about you 
>> being able to change *default* configuration!
>>
>> If you turn firewall ON (in GUI for example, and especially in 
>> RHEL/CentOS ), without any allowed service,  your system/network will be 
>> protected. If you do allow some services, the rest of the services on 
>> your system/network will be protected.
> 
> So now you are talking about turning firewall on yourself manually (in
> GUI for example) ? Uh, not my definition of default.
> 
> Anyway, problem here might be that the term "default" is overloaded. You
> were talking of defaults in linux firewalls generally. Now you are
> talking about default behaviour of some tools not further specified. I
> remember third party tools like shorewall being mentioned and there
> exist others like fwbuilder and possibly others that you and I never
> heard of and possibly with unheard default settings. But you could also
> refer to a "default install". With respect to RHEL/CentOS you are
> talking about anaconda only then.
> 
> With anaconda one can miss to enable firewall easily. One could get hands
> on an already installed system. Imagine there is no iptables installed.
> How do you activate firewall ? Something like that ?
> 
> # yum install iptables
> # service iptables start
> 
> What have you now ? Nothing. Default policies (finally we have another
> meaning of default) with ACCEPT and no rules. One has to do rules
> himself. No defaults.
> 
If you have no iptables, then you do not have firewall software either.
How many beginners do you know that install with kickstart files?
When you install CentOS manually, using default server template, you 
will get iptables and firewall (In GUI under 
System->Administration->Security level and Firewall). If you turn it ON, 
activate it, you will be protected, and you do not need to know iptables 
to *be* safe. Similar thing is on Fedora, Ubuntu/Mint and I guess Debian.

That is what I call default firewall on default installation (just click 
next to accept default role of the system as "Server"). And just 
activating firewall (enabling it) will make your system secure.

If there is any other definition of default than "accepting offered 
option/setting", please enlighten me so I can learn new vocabulary.

Ljubomir
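
Added example, not part of the original thread or written by either poster: a shell check that reports what happens to inbound packets matching no rule, which is the point the two senses of "default" above turn on. It assumes `iptables -S` style output on stdin; the function name and the three sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify what happens to inbound packets that match no rule,
# given `iptables -S` output on stdin. Only the filter INPUT chain is examined;
# jumps into user-defined chains are not followed.
classify_input() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            rules++
            # The first rule with no match conditions decides the fall-through.
            if (fall == "" && $0 ~ /^-A INPUT -j (ACCEPT|DROP|REJECT)( --reject-with [a-z-]+)?$/)
                fall = $4
        }
        END {
            if (policy == "") { print "unknown"; exit }
            if (fall == "") fall = policy
            if (fall != "ACCEPT") print "default-deny"
            else if (rules == 0) print "open-no-rules"
            else print "default-accept"
        }'
}

# Constructed sample: service started with no saved rules (the quoted case).
SAMPLE_NO_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: ACCEPT policy, but the chain ends in a catch-all REJECT.
SAMPLE_CATCH_ALL='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample: one service blocked, everything else still accepted.
SAMPLE_BLOCKLIST='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP'

for s in "$SAMPLE_NO_RULES" "$SAMPLE_CATCH_ALL" "$SAMPLE_BLOCKLIST"; do
    printf '%s\n' "$s" | classify_input
done
```

On a live host the same function can be fed with `iptables -S | classify_input` as root; a chain policy of ACCEPT alone does not tell you the result, because a trailing catch-all rule overrides it.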


