IP Table Rules and Policy

Folks,

New to Fedora but fairly experienced with Ubuntu.

Note that the normal installation of KDE starts with a lot of iptables rules. Being used to Ubuntu allowing everything, I am used to entering my own simple rules, so I issued the -F to flush the rules; it got rid of many, but quite a few remained.

I thought iptables -F left just the POLICY in place.

Geoff

1 Like

Fedora uses firewalld by default:

Raw iptables commands may break firewalld runtime configuration, so you shouldn’t use them.

You can achieve it with this method:

sudo firewall-cmd --set-default-zone=trusted
sudo firewall-cmd --reload

2 Likes

@vgaetera, if I’m reading @geffers’s post correctly, he actually doesn’t want his system allowing everything.

I absolutely second this!

@geffers, using/configuring firewalld is actually very simple (at least for simple things), the link @vgaetera provided will get you started in no time. And if you’re confused or want additional info – please don’t hesitate to ask.

And primarily I wanted to share this: Fedora’s default firewall configuration isn’t very good either – at least I don’t like it at all. By default for Fedora Workstation all the ports above 1064 are open.

You can verify it’s the case using this command:

sudo firewall-cmd --get-default-zone

If the answer is FedoraWorkstation – then the situation is what I’ve said above.

The simplest way to “shields up!” so to say – is to set default firewalld zone to public:

sudo firewall-cmd --set-default-zone=public
sudo firewall-cmd --runtime-to-permanent

Take notice that the public zone by default has port 22 open for sshd, and also has multicast DNS and dhcpv6-client open as well. You can easily tweak it, details are in @vgaetera’s link.

Me personally, I use my own firewalld zone (derived from public) with just the ports/services I need open. It’s very easy to do (and keep, and apply to new computers) with firewalld. I can provide additional pointers on how to keep/transfer your own customized configuration easily if you need it.

3 Likes
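
One way to check a zone for the kind of wide-open port range discussed in this thread, as an added example that is not part of any poster's message: it reads `firewall-cmd --list-all` style text on stdin and reports every port range at or above a width threshold. The function names, the threshold of 100 and the sample zone output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: flag wide port ranges in `firewall-cmd --list-all` output.

# Constructed sample resembling `firewall-cmd --list-all` output;
# not captured from a real host.
sample_zone_output() {
cat <<'EOF'
FedoraWorkstation (active)
  target: default
  interfaces: wlp2s0
  services: dhcpv6-client mdns ssh
  ports: 1025-65535/udp 1025-65535/tcp 8080/tcp
  protocols:
EOF
}

# audit_zone_ports [MIN_WIDTH]
# Reads zone listing text on stdin and prints one line per port range that
# covers at least MIN_WIDTH ports (default 100, an arbitrary choice).
# Returns 1 if any such range was found, 0 otherwise.
audit_zone_ports() {
  awk -v min="${1:-100}" '
    /^[^ \t]/ { zone = $1 }                # unindented line carries the zone name
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) {
        split($i, pp, "/")                 # pp[1] = port or range, pp[2] = protocol
        n = split(pp[1], r, "-")           # n == 2 only for a low-high range
        width = r[2] - r[1] + 1
        if (n == 2 && width >= min) {
          printf "%s: %s/%s opens %d ports\n", zone, pp[1], pp[2], width
          found = 1
        }
      }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Demo on the constructed sample. On a live system the input would be:
#   sudo firewall-cmd --list-all | audit_zone_ports
sample_zone_output | audit_zone_ports || echo "wide port ranges found"
```

Single ports such as 8080/tcp are never reported; only low-high ranges are measured against the threshold.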