[CentOS] CentOS 7 - Firewall always allows outgoing packets?

Jim Perrin jperrin at centos.org
Sat Aug 9 13:44:25 UTC 2014



On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
> Hello all:
> 
> I am looking at the documentation of the new firewalld service in CentOS 7.
> It looks like no matter what I configure with it, outgoing connections are
> still going to be allowed.  That does not seem very secure.
> 
> I always set my servers to default policy of DROP for everything incoming
> and outgoing and then add rules to allow very specific traffic through.
> 
> Is this possible using the new firewalld service or should I disable it and
> go back to using iptables?

Currently with firewalld it is not possible[1] to block outbound
connections. You would need to revert back to iptables to get this
behavior back. Please keep in mind that in CentOS 7, iptables is no
longer just one package either.


[1] -
https://lists.fedorahosted.org/pipermail/firewalld-users/2013-February/000053.html



-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
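
The default-DROP policy asked about in the quoted question, written as an iptables ruleset generator. This is an added example, not part of the original thread. The function name `gen_ruleset` and the sample port lists are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset with default DROP on INPUT,
# FORWARD and OUTPUT. Nothing here touches the running firewall.
# usage: gen_ruleset "<inbound tcp>" "<outbound tcp>" "<outbound udp>"
gen_ruleset() {
    in_tcp=$1; out_tcp=$2; out_udp=$3
    # Reject anything that is not a port number before it reaches a rule line.
    for p in $in_tcp $out_tcp $out_udp; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Loopback in both directions.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Return traffic for flows that a NEW rule below admitted.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $in_tcp; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_tcp; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_udp; do
        echo "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited log of egress that falls through to the DROP policy.
    echo "-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix \"OUT-DROP: \""
    echo "COMMIT"
}

# Constructed sample policy: SSH in; DNS, HTTP(S) and NTP out.
#   gen_ruleset "22" "53 80 443" "53 123" > /tmp/iptables.rules
#   iptables-restore --test /tmp/iptables.rules   # parse only, applies nothing
```

On CentOS 7 the `iptables` service from the `iptables-services` package loads its rules from `/etc/sysconfig/iptables`. Load a new ruleset from a console session, since an incomplete inbound list cuts off SSH.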


