Firewall doesn't deny HTTP and HTTPS connections

Posts: 1

I just started learning firewalls recently. This tutorial said,

"The general default rule is that every service or port are denied. Each interface is then configured with some exceptions, depending on the services that must be allowed."

I checked the default zone of firewalld on my computer (Fedora Workstation) and there is no exception for HTTP (port 80) and HTTPS (port 443):

[root@localhost ~]# firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp6s0
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp
 masquerade: no
 rich rules:

If firewalld blocks all ports by default, why do I still have access to the internet?
Saloon Keeper
Posts: 5487
Those rules are for inbound traffic, but you accessing the internet is outbound traffic - if you want to filter or block any of that, you need to do it independently of the inbound rules.
Posts: 20745
The Red Hat/CentOS/Fedora distros are very paranoid. The HTTP and HTTPS inbound ports are blocked by default. However, if I'm not mistaken, when you install webserver packages like Apache httpd and nginx the installer adds exceptions for the HTTP(S) ports. I could be wrong or at least out of date, so it's a good idea to check.

Most outbound requests are going out through a randomly-selected high-numbered port, so there usually aren't any blocking rules on the OUTPUT firewall chain.
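
Added example, not part of any post in this thread: a small Python check that reads the zone listing from the question as a set of inbound exceptions and tests individual ports against it. The service-to-port table is an assumption based on firewalld's stock service definitions, and the function names are made up for this illustration.

```python
import re

# Zone listing copied from the question in this thread.
ZONE_LISTING = """\
FedoraWorkstation (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp6s0
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp
 masquerade: no
 rich rules:
"""

# Assumption: ports of the four listed services as in firewalld's stock
# service files; confirm with `firewall-cmd --info-service=NAME`.
SERVICE_PORTS = {
    "dhcpv6-client": [(546, 546, "udp")],
    "mdns": [(5353, 5353, "udp")],
    "samba-client": [(137, 138, "udp")],
    "ssh": [(22, 22, "tcp")],
}

def parse_zone(listing):
    """Return the (low, high, proto) ranges the zone admits inbound."""
    fields = {}
    for line in listing.splitlines()[1:]:  # first line is the zone name
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()
    allowed = []
    for spec in fields.get("ports", []):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?/(tcp|udp|sctp|dccp)", spec)
        if not m:
            raise ValueError(f"unrecognised port spec: {spec}")
        low = int(m.group(1))
        allowed.append((low, int(m.group(2) or low), m.group(3)))
    for service in fields.get("services", []):
        allowed.extend(SERVICE_PORTS[service])  # KeyError: service not in table
    return allowed

def inbound_allowed(listing, port, proto):
    """True if a NEW inbound connection to port/proto matches an exception."""
    # Replies to connections this host opened are accepted by connection tracking.
    return any(lo <= port <= hi and p == proto
               for lo, hi, p in parse_zone(listing))

if __name__ == "__main__":
    for port, proto in [(80, "tcp"), (443, "tcp"), (22, "tcp"), (8080, "tcp")]:
        print(port, proto, inbound_allowed(ZONE_LISTING, port, proto))
```

Run against the listing above, inbound 80/tcp and 443/tcp match no exception, while 22/tcp (ssh) and any port in the 1025-65535 range do; none of this is consulted when the machine itself opens a connection to a remote web server.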