Firewall doesn't deny HTTP and HTTPS connections

 
Greenhorn
Posts: 1
Hi all,

I just started learning firewalls recently. This tutorial said,

"The general default rule is that every service or port are denied. Each interface is then configured with some exceptions, depending on the services that must be allowed."



I checked the default zone of firewalld in my computer (Fedora Workstation) and there is no exception for HTTP (port 80) and HTTPS (port 443):

[root@localhost ~]# firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp6s0
 sources:
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:



If firewalld blocks all ports by default, why do I still have access to the internet?
 
Saloon Keeper
Posts: 5775
Those rules are for inbound traffic, but you accessing the internet is outbound traffic - if you want to filter or block any of that, you need to do it independently of the inbound rules.
 
Bartender
Posts: 21000
The Red Hat/CentOS/Fedora distros are very paranoid. The HTTP and HTTPS inbound ports are blocked by default. However, if I'm not mistaken, when you install webserver packages like Apache httpd and nginx the installer adds exceptions for the HTTP(S) ports. I could be wrong or at least out of date, so it's a good idea to check.

Most outbound requests are going out through a randomly-selected high-numbered port, so there usually aren't any blocking rules on the OUTPUT firewall chain.
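To make the inbound/outbound distinction from the replies concrete, here is an added example (not code posted by anyone in the thread) that parses the `--list-all` output quoted in the first post and reports whether a new inbound connection to a given port matches the zone's `services:` or `ports:` entries. The function names are hypothetical, the sample is constructed from the quoted output, and only those two lines are modelled; nothing here describes outbound traffic, which these zone settings do not filter.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of the zone listing quoted in the first post.
ZONE_OUTPUT='FedoraWorkstation (active)
 target: default
 interfaces: enp6s0
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp'

# service_listed NAME: succeed if NAME appears on the "services:" line.
# Live equivalent: firewall-cmd --zone=FedoraWorkstation --query-service=NAME
service_listed() {
    printf '%s\n' "$ZONE_OUTPUT" | awk -v want="$1" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# port_listed PORT PROTO: succeed if PORT/PROTO falls inside any entry on the
# "ports:" line (a single port such as 80/tcp or a range such as 1025-65535/tcp).
# Live equivalent: firewall-cmd --zone=FedoraWorkstation --query-port=PORT/PROTO
port_listed() {
    printf '%s\n' "$ZONE_OUTPUT" | awk -v port="$1" -v proto="$2" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, e, "/")          # e[1] = port or range, e[2] = protocol
                if (e[2] != proto) continue
                n = split(e[1], r, "-")    # r[1] = low end, r[2] = high end of a range
                lo = r[1] + 0
                hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# inbound_verdict PORT PROTO [SERVICE]: print "allowed" or "blocked" for a
# new INBOUND connection, based only on the services: and ports: lines.
inbound_verdict() {
    if port_listed "$1" "$2" || { [ -n "${3:-}" ] && service_listed "$3"; }; then
        echo allowed
    else
        echo blocked
    fi
}

echo "inbound 80/tcp (http):   $(inbound_verdict 80 tcp http)"
echo "inbound 443/tcp (https): $(inbound_verdict 443 tcp https)"
echo "inbound 22/tcp (ssh):    $(inbound_verdict 22 tcp ssh)"
echo "inbound 8080/tcp:        $(inbound_verdict 8080 tcp)"
```

The 8080/tcp result is worth noticing: the `1025-65535` ranges in this zone accept inbound connections to any unprivileged port, so a service listening there is reachable without any further exception.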
 