Firewall doesn't deny HTTP and HTTPS connections

 
Greenhorn
Posts: 1
Hi, all

I just started learning firewalls recently. This tutorial said,

"The general default rule is that every service or port are denied. Each interface is then configured with some exceptions, depending on the services that must be allowed."



I checked the default zone of firewalld in my computer (Fedora Workstation) and there is no exception for HTTP (port 80) and HTTPS (port 443):

[root@localhost ~]# firewall-cmd --zone=FedoraWorkstation --list-all
FedoraWorkstation (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp6s0
 sources:
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:



If firewalld blocks all ports by default, why do I still have access to the internet?
 
Saloon Keeper
Posts: 5487
Those rules are for inbound traffic, but you accessing the internet is outbound traffic - if you want to filter or block any of that, you need to do it independently of the inbound rules.
 
Bartender
Posts: 20745
The Red Hat/CentOS/Fedora distros are very paranoid. The HTTP and HTTPS inbound ports are blocked by default. However, if I'm not mistaken, when you install webserver packages like Apache httpd and nginx the installer adds exceptions for the HTTP(S) ports. I could be wrong or at least out of date, so it's a good idea to check.

Most outbound requests are going out through a randomly-selected high-numbered port, so there usually aren't any blocking rules on the OUTPUT firewall chain.
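
Added example, not part of the thread: a small parser for the `firewall-cmd --list-all` output posted in the question, answering which inbound ports that zone accepts. The `SERVICE_PORTS` table is an assumption based on the stock firewalld service definitions, and rich rules, sources and the zone target are not modelled.

```python
import re

# Zone listing copied from the question above, used here as sample input.
ZONE_OUTPUT = """\
FedoraWorkstation (active)
 target: default
 icmp-block-inversion: no
 interfaces: enp6s0
 sources:
 services: dhcpv6-client mdns samba-client ssh
 ports: 1025-65535/udp 1025-65535/tcp
 protocols:
 masquerade: no
 forward-ports:
 source-ports:
 icmp-blocks:
 rich rules:
"""

# Assumption: ports behind the listed services, as in the stock firewalld
# service definitions; confirm with `firewall-cmd --info-service=NAME`.
SERVICE_PORTS = {
    "ssh": ["22/tcp"],
    "mdns": ["5353/udp"],
    "dhcpv6-client": ["546/udp"],
    "samba-client": ["137/udp", "138/udp"],
}

def parse_zone(text):
    """Return {key: [values]} for each 'key: v1 v2' line of --list-all output."""
    zone = {}
    for line in text.splitlines()[1:]:  # first line is the zone name
        key, sep, value = line.strip().partition(":")
        if sep:
            zone[key.strip()] = value.split()
    return zone

def inbound_allowed(zone, port, proto):
    """True if the zone accepts a new inbound connection to port/proto."""
    specs = list(zone.get("ports", []))
    for svc in zone.get("services", []):
        specs += SERVICE_PORTS.get(svc, [])
    for spec in specs:
        m = re.fullmatch(r"(\d+)(?:-(\d+))?/(\w+)", spec)
        if not m or m.group(3) != proto:
            continue
        if int(m.group(1)) <= port <= int(m.group(2) or m.group(1)):
            return True
    return False
```

For this zone, `inbound_allowed(parse_zone(ZONE_OUTPUT), 80, "tcp")` is false while port 8080/tcp is accepted, because the `ports:` line opens everything from 1025 upward.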
 