On 3/24/2017 3:16 AM, Łukasz Posadowski wrote:
Data Wed, 22 Mar 2017 19:56:03 -0400
James Pifer <jep@xxxxxxxxxxxxxxxx> wrote:
I apologize if this has been asked and answered, but I googled and
attempted things for several hours today without success.
Iptables isn't used by default, at least not directly. Easiest way to
do dosable firewall is:
# systemctl mask firewalld
and restart the machine.
192.168.122. subnet is something for libvirt and KVM. I have it
completely disabled on my locals and VPSes without any problem.
If You write specific rules in /etc/sysconfig/iptables
and /etc/sysconfig/ip6tables, with
-F
-X
-P INPUT DROP
at the beginning, any trace of 192.168.122 will be gone. Here's mine
ipv4 rules for my local machines:
------------------------
*filter
-F
-X
-P INPUT DROP
-A INPUT -s 0/0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# localhost
-A INPUT -i lo -j ACCEPT
# ping
-A INPUT -p icmp -j ACCEPT
# ssh
-A INPUT -s 192.168.234.0/24 -p tcp --dport 22 -j ACCEPT
COMMIT
------------------------
Thanks for the help.
Basically I was making it more complex than it needed to be. Disabling
firewalld and removing the libvirt NIC did the job.
Thanks
James
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
