Hello,
I've just upgraded to ClearOS 7 and I'm trying to implement some custom firewall rules using iptables directly. I don't want to use firewalld.
On ClearOS 6 we could add rules in this way to /etc/clearos/firewall.d/local. Is there an equivalent file in ClearOS 7?
Also, I noticed after installing ClearOS 7 community that IPv6 was enabled on the system yet there were no rules in place to prevent IPv6 traffic to the system. This seems like an oversight to me. I'd expect at least an INPUT and FORWARD policy configuration to disallow traffic.
Can anyone provide some insight on how I might be able to implement custom firewall rules using the classic iptables syntax in ClearOS 7?
Thanks,
Bob
Responses (4)
Accepted Answer
[root@localhost ~]# /sbin/ip6tables -L -n -v
Chain INPUT (policy ACCEPT 24 packets, 2094 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all pptp+ * ::/0 ::/0
0 0 ACCEPT all tun+ * ::/0 ::/0
0 0 ACCEPT all * pptp+ ::/0 ::/0 state RELATED,ESTABLISHED
0 0 ACCEPT all * tun+ ::/0 ::/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 59 packets, 4670 bytes)
pkts bytes target prot opt in out source destination
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0
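
One way to turn the listing above into a repeatable check, as an added example that is not part of the original thread: it reads `ip6tables -L -n -v` output and reports the default policy and rule count of each built-in chain. The function names `sample_listing` and `audit_policies` and the verdict labels are hypothetical, and the embedded listing is a constructed sample mirroring the output posted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag built-in IPv6 chains whose
# default policy is ACCEPT, reading `ip6tables -L -n -v` output on stdin.

# Constructed sample mirroring the listing posted above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 24 packets, 2094 bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all pptp+ * ::/0 ::/0
    0     0 ACCEPT all tun+ * ::/0 ::/0
    0     0 ACCEPT all * pptp+ ::/0 ::/0 state RELATED,ESTABLISHED
    0     0 ACCEPT all * tun+ ::/0 ::/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 59 packets, 4670 bytes)
 pkts bytes target prot opt in out source destination
Chain DROP-lan (0 references)
 pkts bytes target prot opt in out source destination
    0     0 DROP all * * ::/0 ::/0
EOF
}

# Prints "CHAIN POLICY RULES VERDICT" per built-in chain (hypothetical labels):
#   OPEN   = INPUT/FORWARD accept by default and hold no rules at all
#   REVIEW = INPUT/FORWARD accept by default; existing rules need reading
#   ok     = anything else (OUTPUT is not judged here)
audit_policies() {
    awk '
    function report() {
        if (chain == "") return
        verdict = "ok"
        if (policy == "ACCEPT" && (chain == "INPUT" || chain == "FORWARD"))
            verdict = (rules == 0) ? "OPEN" : "REVIEW"
        print chain, policy, rules, verdict
    }
    /^Chain / {
        report(); chain = ""
        # Built-in chains show "(policy X ...)"; user chains show "(N references)".
        if ($3 == "(policy") { chain = $2; policy = $4; sub(/\)$/, "", policy); rules = 0 }
        next
    }
    # With -v, every rule row starts with a packet counter (e.g. 0, 24, 12K).
    chain != "" && $1 ~ /^[0-9]+[KMG]?$/ { rules++ }
    END { report() }
    '
}

sample_listing | audit_policies
```

On a live system the same function can be fed with `/sbin/ip6tables -L -n -v | audit_policies`; the rule count relies on the `-v` column layout.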
Accepted Answer
[root@localhost ~]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.101 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::a00:27ff:fe1e:4245 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:1e:42:45 txqueuelen 1000 (Ethernet)
RX packets 94 bytes 24209 (23.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51 bytes 8141 (7.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0