Showing posts from August, 2018

Predefined zones within firewalld

In order from least trusted to most trusted, the predefined zones within firewalld are:

drop: The lowest level of trust. All incoming connections are dropped without reply and only outgoing connections are possible.

block: Similar to the above, but instead of simply dropping connections, incoming requests are rejected with an icmp-host-prohibited or icmp6-adm-prohibited message.

public: Represents public, untrusted networks. You don't trust other computers but may allow selected incoming connections on a case-by-case basis.

external: External networks in the event that you are using the firewall as your gateway. It is configured for NAT masquerading so that your internal network remains private but reachable.

internal: The other side of the external zone, used for the internal portion of a gateway. The computers are fairly trustworthy and some additional services are available.

dmz: Used for computers located in a DMZ (isolated computers that will not have access to the rest of your ne…