Re: CentOS 7 - Firewall always allows outgoing packets?




On Sat, Aug 9, 2014 at 8:44 AM, Jim Perrin <jperrin@xxxxxxxxxx> wrote:
>
>
> On 08/08/2014 04:55 PM, Neil Aggarwal wrote:
>> Hello all:
>>
>> I am looking at the documentation of the new firewalld service in CentOS 7.
>> It looks like no matter what I configure with it, outgoing connections are
>> still going to be allowed.  That does not seem very secure.
>>
>> I always set my servers to default policy of DROP for everything incoming
>> and outgoing and then add rules to allow very specific traffic through.
>>
>> Is this possible using the new firewalld service or should I disable it and
>> go back to using iptables?
>
> Currently with firewalld it is not possible[1] to block outbound
> connections. You would need to revert back to iptables to get this
> behavior back. Please keep in mind that in CentOS 7, iptables is no
> longer just one package either.
>
>
> [1] -
> https://lists.fedorahosted.org/pipermail/firewalld-users/2013-February/000053.html
>
>
>
> --
> Jim Perrin
> The CentOS Project | http://www.centos.org
> twitter: @BitIntegrity | GPG Key: FA09AD77
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

I thought we were supposed to be moving forward, *shakeshead*, not
being able to block all outbound traffic except for what you have
called out seems really short sighted and moving us in the wrong
direction.  With all that is going on today I don't need things to be
*less* secure, geez.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
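
The default-DROP policy in both directions that the thread asks about, written as an iptables-restore ruleset generator. This is an added example, not code from any poster or from the CentOS project; the function name `egress_ruleset`, the `direction:proto:port` argument format and the sample ports are assumptions.

```shell
# Added example (constructed): print an IPv4 iptables-restore ruleset with
# default DROP on INPUT, FORWARD and OUTPUT. Only loopback, replies to
# already-allowed flows, and the listed NEW connections are accepted.
# Arguments are "direction:proto:port", for instance in:tcp:22 out:udp:53.
# Parse-only check of the result: egress_ruleset ... | iptables-restore --test
egress_ruleset() {
    rules=""
    for spec in "$@"; do
        dir=${spec%%:*}; rest=${spec#*:}
        proto=${rest%%:*}; port=${rest#*:}
        case $dir in
            in)  chain=INPUT ;;
            out) chain=OUTPUT ;;
            *)   echo "bad direction in '$spec'" >&2; return 1 ;;
        esac
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; return 1 ;;
        esac
        case $port in
            ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$spec'" >&2; return 1
        fi
        # One rule per allowed service; anything not listed hits the DROP policy.
        rules="${rules}-A $chain -p $proto -m $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT
"
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}COMMIT
EOF
}
```

With OUTPUT set to DROP, name resolution and package updates stop working unless their ports are listed, so `out:udp:53` and the update mirrors' ports need to be among the arguments. IPv6 needs its own ruleset loaded through ip6tables.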



