On 15/08/2022 14:10, Samuel Bächler via BitFolk Users wrote:
> Dear All
>
> My VPS is on Debian 11. I cannot get firewalld to work. For example when
> I stop firewalld by
> systemctl stop firewalld
> I would expect that I no longer can ssh into my VPS but I still can.

That's because when you stop firewalld, there is no firewall any more :)
The default policy is "allow"

> Does anyone know how to tell the system to use
> firewalld?

Start it and add some rules.

There will be some default zones defined by the Debian installation.
For example, to see which "zones" (sets of rules associated with an
interface, usually) firewalld is currently using:

# firewall-cmd --get-active-zones
public
  interfaces: eth0
zone2
  interfaces: eth0:1

You can get the rules (which firewalld sees as "services" or "ports")
for a given service like this:

# firewall-cmd --info-zone public
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: http https imaps smtp smtp-submission ssh
  ports: 2022/tcp 1025/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

You can see what a particular service means like this:

# firewall-cmd --info-service smtp-submission
smtp-submission
  ports: 587/tcp
  protocols:
  source-ports:
  modules:
  destination:
  includes:
  helpers:

To see all the zones and rules:

# firewall-cmd --list-all-zones
[... lots of output, probably ...]

Lots more (very good) docs here:
https://firewalld.org/documentation/

Stuart
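
Added example, not part of the message above and not firewalld's own code: Python that parses `firewall-cmd --info-zone` output in the format shown in the reply and reports services and ports that are open but not on an allow-list. The EXPECTED allow-list and the function names are assumptions made for this illustration; SAMPLE is the zone output quoted in the message.

```python
# Added example: audit `firewall-cmd --info-zone` output against an allow-list.
# EXPECTED is a constructed allow-list (assumption), not taken from the thread.
EXPECTED = {"services": {"ssh", "http", "https"}, "ports": set()}

# Zone output as shown in the message above.
SAMPLE = """\
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: http https imaps smtp smtp-submission ssh
  ports: 2022/tcp 1025/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""


def parse_zone(text):
    """Return (zone_name, {key: [values]}) from --info-zone output."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("no output to parse")
    name = lines[0].split()[0]  # header may read "public (active)"
    fields = {}
    for ln in lines[1:]:
        key, sep, value = ln.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    # An error message such as "FirewallD is not running" has no zone fields;
    # refuse it rather than report a clean result for a host with no firewall.
    if "services" not in fields or "ports" not in fields:
        raise ValueError("not zone output: %r" % lines[0])
    return name, fields


def audit_zone(text, expected):
    """Return (zone_name, {key: [open but not expected]}); rich rules are not evaluated."""
    name, fields = parse_zone(text)
    findings = {}
    for key, allowed in expected.items():
        extra = sorted(set(fields.get(key, [])) - set(allowed))
        if extra:
            findings[key] = extra
    return name, findings
```

On a live host, pass in the captured output of `firewall-cmd --info-zone public` instead of SAMPLE.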