[CentOS] firewalld

Sat Jan 28 15:34:16 UTC 2017
James Hogarth <james.hogarth at gmail.com>

On 28 January 2017 at 12:01, TE Dukes <tdukes at palmettoshopper.com> wrote:
>
>
>> -----Original Message-----
>> From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of James
>> Hogarth
>> Sent: Saturday, January 28, 2017 4:18 AM
>> To: CentOS mailing list
>> Subject: Re: [CentOS] firewalld
>>
>> On 28 Jan 2017 3:02 am, "TE Dukes" <tdukes at palmettoshopper.com> wrote:
>>
>>
>>
>> > -----Original Message-----
>> > From: CentOS [mailto:centos-bounces at centos.org] On Behalf Of Gordon
>> > Messmer
>> > Sent: Friday, January 27, 2017 9:23 PM
>> > To: CentOS mailing list
>> > Subject: Re: [CentOS] firewalld
>> >
>> > On 01/27/2017 06:01 PM, TE Dukes wrote:
>> > > I telnet localhost 143, I get connection refused.
>> > >
>> > > What zone is used for the local network and what zone is used for
>> > > outside access?
>> >
>> > All traffic from localhost is allowed.  No zone is involved.
>> >
>> > The zone for "outside" access depends on which interface receives the
>> > packet, and what zone you've put that interface in.  I believe that
>> defaults to
>> > "public."
>>
>>  I'm telneting in from ssh on a machine on the local network, still
> getting
>> connection refused.
>>
>> The zone apparently means something because an interface can only be on
>> one.
>> Moving it to a different zone results in the same error (same
> services/ports
>> opened in each zone).
>>
>> I may as well disable firewalld and let my router handle the firewall.
>>
>> I don't plan to use my server as a workstation.
>>
>>
>> Have a read through this and then decide on if you want to use it or not.
>>
>> You can also switch to iptables-service and mask firewalld if you want the
>> same behaviour as in C6.
>>
>> 7.3 also has nftables as a tech preview, but I've not finished my article
> on that
>> yet.
>
> I saw something about that somewhere.
>
> Did you forget a link?
>
> Thanks
>

Oops you're right I did ...

https://www.hogarthuk.com/?q=node/9