Question(s) default firewall in Fedora

Arthur Pemberton pemboa at gmail.com
Wed Apr 22 02:51:40 UTC 2009


On Tue, Apr 21, 2009 at 9:17 PM, Antonio Olivares
<olivares14031 at yahoo.com> wrote:
>
> Dear fellow Fedora users,
>
> According to some users, Fedora has a default firewall that adds basic protection.  There is no service "firewall", but some users have pointed out that iptables takes care of this.
>
> [root@localhost ~]# service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> 3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> 5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
>
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> [root@localhost ~]#
>
> services running at boot using chkconfig
>
> [root@localhost ~]# chkconfig --list
> NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
> acpid           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> akmods          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> anacron         0:off   1:off   2:on    3:off   4:on    5:on    6:off
> atd             0:off   1:off   2:off   3:on    4:on    5:on    6:off
> auditd          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> avahi-daemon    0:off   1:off   2:off   3:on    4:on    5:on    6:off
> bluetooth       0:off   1:off   2:off   3:on    4:on    5:on    6:off
> btseed          0:off   1:off   2:off   3:off   4:off   5:off   6:off
> bttrack         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> capi            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> cpuspeed        0:off   1:on    2:on    3:on    4:on    5:on    6:off
> crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> cups            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> dnsmasq         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> firstboot       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> gpm             0:off   1:off   2:on    3:on    4:on    5:on    6:off
> haldaemon       0:off   1:off   2:off   3:on    4:on    5:on    6:off
> httpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ip6tables       0:off   1:off   2:on    3:on    4:on    5:on    6:off
> iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> irda            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> irqbalance      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> isdn            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> kerneloops      0:off   1:off   2:off   3:on    4:on    5:on    6:off
> lm_sensors      0:off   1:off   2:off   3:off   4:off   5:off   6:off
> mdmonitor       0:off   1:off   2:on    3:on    4:on    5:on    6:off
> messagebus      0:off   1:off   2:on    3:on    4:on    5:on    6:off
> microcode_ctl   0:off   1:off   2:on    3:on    4:on    5:on    6:off
> multipathd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
> mysqld          0:off   1:off   2:off   3:off   4:off   5:off   6:off
> netconsole      0:off   1:off   2:off   3:off   4:off   5:off   6:off
> netfs           0:off   1:off   2:off   3:on    4:on    5:on    6:off
> netplugd        0:off   1:off   2:off   3:off   4:off   5:off   6:off
> network         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
> nfslock         0:off   1:off   2:off   3:on    4:on    5:on    6:off
> nscd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ntpd            0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ntpdate         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> nvidia          0:off   1:off   2:on    3:on    4:on    5:on    6:off
> pcscd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
> portreserve     0:off   1:off   2:on    3:on    4:on    5:on    6:off
> psacct          0:off   1:off   2:off   3:off   4:off   5:off   6:off
> rdisc           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> restorecond     0:off   1:off   2:off   3:off   4:off   5:off   6:off
> rpcbind         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> rpcgssd         0:off   1:off   2:off   3:on    4:on    5:on    6:off
> rpcidmapd       0:off   1:off   2:off   3:on    4:on    5:on    6:off
> rpcsvcgssd      0:off   1:off   2:off   3:off   4:off   5:off   6:off
> rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
> saslauthd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> setroubleshoot  0:off   1:off   2:off   3:on    4:on    5:on    6:off
> slmodemd        0:off   1:off   2:on    3:on    4:on    5:on    6:off
> smartd          0:off   1:off   2:off   3:off   4:off   5:off   6:off
> smolt           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> snmpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
> snmptrapd       0:off   1:off   2:off   3:off   4:off   5:off   6:off
> sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> udev-post       0:off   1:on    2:on    3:on    4:on    5:on    6:off
> winbind         0:off   1:off   2:off   3:off   4:off   5:off   6:off
> wine            0:off   1:off   2:on    3:on    4:on    5:on    6:off
> wpa_supplicant  0:off   1:off   2:off   3:off   4:off   5:off   6:off
> ypbind          0:off   1:off   2:off   3:off   4:off   5:off   6:off
>
>
> Which traffic if any is allowed to come in to our computers if and when we do get on the internet?
>
> We can use system-config-??? to configure simple iptables to change stuff around and/or get webmin?
>
> I know that by default Fedora provides a good basic firewall, but are there any howto's/readme's as to how to learn more about Firewalls in Fedora?
>
> Thanks,
>
> Antonio


You will want system-config-firewall (or system-config-securitylevel
that used to be the name). I'm not sure how much I can tell you until
you at least try that out.


-- 
Fedora 9 : sulphur is good for the skin
( www.pembo13.com )
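
Added example, not part of either message and not Fedora's own code: a first-match evaluation of the INPUT chain quoted above, to answer "which traffic is allowed in" from the listing itself. A listing printed without `-v` has no interface columns, so rule 3 reads as accept-everything; whether it is really bound to one interface is an assumption here, modelled by the hypothetical `skip` parameter, and `iptables -L INPUT -n -v` shows the missing columns.

```python
import re

# INPUT chain as quoted in the post above (e-mail ">" prefixes removed).
LISTING = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""
ANY = "0.0.0.0/0"

def parse_chain(text):
    """Return (default_policy, rules) for one numbered chain listing."""
    lines = text.strip().splitlines()
    policy = re.search(r"\(policy (\w+)\)", lines[0]).group(1)
    rules = []
    for line in lines[2:]:  # skip the chain line and the column header
        num, target, prot, _opt, src, dst, *extra = line.split()
        opts = " ".join(extra)
        state = re.search(r"state (\S+)", opts)
        dport = re.search(r"dpt:(\d+)", opts)
        rules.append({
            "num": int(num), "target": target, "prot": prot, "src": src, "dst": dst,
            "states": set(state.group(1).split(",")) if state else None,
            "dport": int(dport.group(1)) if dport else None,
        })
    return policy, rules

def unqualified_accepts(rules):
    """ACCEPT rules with no visible match: re-check these with -v for a hidden interface."""
    return [r["num"] for r in rules
            if r["target"] == "ACCEPT" and r["prot"] == "all" and r["src"] == ANY
            and r["dst"] == ANY and r["states"] is None and r["dport"] is None]

def verdict(policy, rules, prot, dport=None, state="NEW", skip=()):
    """First matching rule wins, else the chain policy. Addresses are not
    compared because every rule in this listing matches any source/destination."""
    for r in rules:
        if (r["num"] not in skip and r["prot"] in ("all", prot)
                and (r["states"] is None or state in r["states"])
                and (r["dport"] is None or r["dport"] == dport)):
            return r["target"], r["num"]
    return policy, None
```

Read literally, a new TCP connection to port 80 is accepted by rule 3; with rule 3 set aside (`skip=(3,)`), only ICMP, new SSH connections and reply traffic get in, and everything else hits the REJECT in rule 5.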



