Alex writes:
We typically offer submission, simap/spop, smtp, http/https, ssh, and domain services on our Internet servers. We also need snmp and nrpe for monitoring. Does anyone have a set of reasonable firewalld rules and understand how it interacts with fail2ban that they could share? firewalld doesn't even include all these services by default, so it's necessary to do it one port at a time... firewalld just doesn't seem to be appropriate for anything more than a desktop. I'd appreciate any ideas on how you build a firewall for fedora servers, particularly as it relates to interoperating with fail2ban and standard Internet services.
Well, you can simply start with the stock server firewall configuration. I don't recall, offhand, which ports it opens by default. Simply look at the default configuration, and make sure that all those ports are open. That's it.
Attachment:
pgpKtdnwljdF0.pgp
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
