[BlueOnyx:26818] Re: Firewall question
Michael Stauber
mstauber at blueonyx.it
Sun Mar 10 19:47:19 -05 2024
Hi Brian,
> Recently upgraded and before always used iptables. As such not very
> familiar with firewalld.
>
> I usually don't allow incoming connections on port 25 (localhost only)
> but allow outgoing connections on port 25.
>
> What is a good way to implement this?
The easiest way is to use our "Firewall" PKG from the shop:
https://www.solarspeed.net/apf.html
Also see attached screenshot. You'd just use the GUI to remove 25, 465
and 587 from "Open TCP Ports" and they'd be closed to anyone. And you
could then optionally use the "Whitelist" tab to specifically grant
individual IPs or IP address ranges access to them - if need be.
Or you could use the "Rule Editor" tab to easily add custom firewall rules.
> I am used to using iptables with the following:
>
> iptables -A INPUT -p tcp -s localhost --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j REJECT
>
>
> Any help would be appreciated.
That should do the trick:
firewall-cmd --permanent --remove-port=25/tcp
firewall-cmd --reload
You don't have to whitelist localhost access here, as localhost traffic
doesn't pass through the firewall.
--
With best regards
Michael Stauber
-------------- next part --------------
A non-text attachment was scrubbed...
Name: firewall-pkg.png
Type: image/png
Size: 119035 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20240310/ea5c7331/attachment-0001.png>
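A check that could follow the two firewall-cmd commands above, as an added example that is not part of the original message or of BlueOnyx: it scans `firewall-cmd --list-all` output for anything that still opens TCP 25, 465 or 587, including the predefined firewalld services smtp, smtps and smtp-submission, which `--remove-port` does not touch. The sample listings are constructed, the function name mail_exposure is hypothetical, and rich rules are not inspected.

```shell
#!/bin/sh
# Added example: report mail-related openings left in `firewall-cmd --list-all` output.
# Reads the listing on stdin, prints one finding per line, returns 1 if any were found.
mail_exposure() {
    awk '
        BEGIN { mail[1] = 25; mail[2] = 465; mail[3] = 587 }
        # "ports:" line: entries look like 25/tcp or 20-30/tcp
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")
                if (pp[2] != "tcp") continue
                n = split(pp[1], r, "-")
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                for (k = 1; k <= 3; k++)
                    if (mail[k] >= lo && mail[k] <= hi) {
                        print "port " $i; found = 1; break
                    }
            }
        }
        # "services:" line: predefined services that open the same ports
        $1 == "services:" {
            for (i = 2; i <= NF; i++)
                if ($i == "smtp" || $i == "smtps" || $i == "smtp-submission") {
                    print "service " $i; found = 1
                }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample listings (not taken from a real server).
SAMPLE_BEFORE='public (active)
  services: dhcpv6-client ssh smtp
  ports: 80/tcp 443/tcp 25/tcp 465/tcp 587/tcp'
SAMPLE_AFTER='public (active)
  services: dhcpv6-client ssh
  ports: 80/tcp 443/tcp'

printf '%s\n' "$SAMPLE_BEFORE" | mail_exposure || echo "mail ports still reachable"
printf '%s\n' "$SAMPLE_AFTER" | mail_exposure && echo "mail ports closed"
# On a live host: firewall-cmd --list-all | mail_exposure
```

If a service entry is reported, `firewall-cmd --permanent --remove-service=<name>` followed by `firewall-cmd --reload` removes it.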