[CentOS] CentOS 7 - Firewall always allows outgoing packets?

John R Pierce pierce at hogranch.com
Mon Aug 11 20:01:54 UTC 2014


On 8/11/2014 12:53 PM, Matthew Miller wrote:
> On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
>>> FirewallD just builds and modifies iptables rules.
>> Why do I need more complexity together with more learning time and more
>> effort and conversion of existing rules?  IP Tables works fine.
>> Absolutely no complaints.
> Do you run virtual machines on any of your systems? The required dynamic
> rules are the primary use case it solves very well. It also works as a
> desktop firewall somewhat less ideally. Since it has an API, it may someday
> be a full-featured dynamic server firewall. But, otherwise, it's probably
> not what you want for anything complicated -- and mostly harmless for
> anything simple.

It could be argued that restrictive SELinux rules are a better
'outbound' firewall than anything port based.

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast
