I am looking at a server with CentOS 7. CentOS/RHEL 7 has moved from iptables to firewalld as the default firewall handler. Firewalld is set up with zones, the default being public. I really don't have the time to learn how to set up these zones and am wondering whether, on an internet-facing server, iptables would not be just as well; I know iptables. Plus, Webmin currently does not support firewalld.
Anyone working with firewalld?
Geeks, making the world a better place |
Probably not everyone here can keep up the conversation on this topic. This is something complicated ...
Panfilov |
Well, that will probably include me as well. I enabled firewalld and promptly got locked out of Webmin. However, port 80 is open and I was able to shell into the server. There don't appear to be any useful guides on firewalld that I have been able to find.
Geeks, making the world a better place |
Guidance is always a problem. Developers quickly move forward, and writing a guide is a boring thing for them.
Panfilov |
For now I decided to use iptables; I will learn firewalld later. For now I must move forward and locking down the server is more important.
Geeks, making the world a better place |
Update: I am seeing issues with running iptables as the firewall on CentOS 7. From what I read, one could simply install iptables instead of firewalld and be good to go. Yet, that appears to not be the case.
Geeks, making the world a better place |
Update 2. Yes, iptables can be used in place of firewalld and I am not sure that on an internet-facing server firewalld with its zones is any better than just using iptables; there is only one zone as far as I am concerned and that is the server is connected to the bleeding internet zone; and that zone will be under constant attack.
I had to rewrite my ruleset differently from what worked on CentOS 6.x; perhaps due to some changes I have yet to learn on CentOS 7.
Geeks, making the world a better place |
I'm toying around with the exact same server setup - CentOS 7 + Webmin
Webmin 1.760 released
This update includes a fix for an XSS attack on xmlrpc.cgi, a new module for managing FirewallD, German, Catalan and Norwegian translation updates, the latest version of the authentic theme, and a bunch of other small bugfixes and improvements. You can get it from the Webmin downloads page, or from our YUM or APT repositories.
My opinions expressed on this site, in no way represent those of Boonex or Boonex employees. |
I have been running CentOS 7 since it came out. Firewalld is not a big issue. There are only a few commands you would have to run to allow the appropriate access to files. There are many step-by-step guides on what they are. The biggest issue I ran into was with SELinux. I ended up just disabling it altogether (not sure how safe that is).
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
caredesign.net |
iptables is a secured hardened firewall and can be used on CentOS 7. However, I may go back and look at firewalld.
Geeks, making the world a better place |