[CentOS] PostgreSQL port accessible even though it should be blocked by firewall
Gordon Messmer
gordon.messmer at gmail.com
Wed Oct 31 17:32:57 UTC 2018

On 10/30/18 8:31 AM, Frank Thommen wrote:
> I am still puzzled that it is possible to circumvent firewalld so
> easily. Basically it means, that firewalld is not to be trusted as
> soon as containers with port forwarding are running on a system.

It's hard to see this as a security or trust problem. The root user can modify the firewall, which is provided by the kernel. firewalld is just a front-end. Adding rules to the kernel's firewall is not "circumventing" the management front-end.

You do have to bear in mind that the firewall-cmd output reflects the *configuration* and not the *state*. When docker adds rules, it modifies the state, but not the configuration.