[CentOS] CentOS 7 - Firewall always allows outgoing packets?
John R Pierce
pierce at hogranch.com
Mon Aug 11 20:01:54 UTC 2014
On 8/11/2014 12:53 PM, Matthew Miller wrote:
> On Mon, Aug 11, 2014 at 08:25:46PM +0100, Always Learning wrote:
>>> FirewallD just builds and modifies iptables rules.
>> Why do I need more complexity together with more learning time and more
>> effort and conversion of existing rules? IP Tables works fine.
>> Absolutely no complaints.
> Do you run virtual machines on any of your systems? The required dynamic
> rules are the primary use case it solves very well. It also works as a
> desktop firewall somewhat less ideally. Since it has an API, it may someday
> be a full-featured dynamic server firewall. But, otherwise, it's probably
> not what you want for anything complicated -- and mostly harmless for
> anything simple.
It could be argued that restrictive SELinux rules are a better
'outbound' firewall than anything port-based.
--
john r pierce 37N 122W
somewhere on the middle of the left coast