Found an open source bash intrusion detection script.
It blocks the port being accessed with an iptables command.
My experience a couple of years back with iptables kept all commands in about 3 different groups. I wonder if this script would even work, because the Fed 23 firewall is in the kernel, so would an iptables command even work?
I think you are not giving enough information for us to try to assist you with the problem you seem to have.
What I understood is that you have a bash intrusion detection script that blocks ports by using the iptables command.
And actually you are wondering whether it will work on Fedora 23.
I do not know which 3 different groups you are referring to that keep iptables commands.
And why do you think that only in Fedora 23 the firewall is kept in the kernel? Packets have always been handled by the kernel, in Fedora 23 as well as in previous versions.
That said, in Fedora 23 all the ports are closed by default in the public zone with the firewalld daemon.
The exceptions are DHCP for IPv6 and SSH.
While you should not really be concerned about the first, the last can be a concern if you are using weak passwords that can be easily guessed or brute-force attacked.
By default Fedora 23 does not protect you against those threats.
Maybe you can just remove SSH from being accessible to your machine, if you do not need such access.
I do not know which 3 different groups you are referring to that keep iptables commands.
Maybe the chains: INPUT, OUTPUT, FORWARD?
To the OP - try the following list command; it should be enough to convince you to leave iptables well alone unless you are really comfortable with it - at least on Fedora
@syg00: As I said, I have built my own iptables firewall, but after a couple of years that stuff gets fuzzy.
@tshikose: the question is, as I am too distant from iptables use and especially in F23: can an iptables command function alone and independent from the INPUT, OUTPUT, FORWARD, NAT groups of the firewall? My feeling is that it can't. Especially with the kernel based one, which may/not be iptables in F23. Hopefully that clarifies the query.
BTW I have read that unless one is really using IPv6 it should be closed too. Also I have 2 open ports in F23, 631 and 53, if that is meaningful.
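
The reply above states that firewalld's public zone on Fedora 23 leaves only DHCP for IPv6 and SSH open. As an added example (not part of the thread and not the script the original poster found), this shell code checks a zone listing against that expectation and reports anything else that is open. The listing is constructed, its 631/tcp and 53/udp entries are placed there only for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a firewalld zone listing against an allowlist.
# Input is text in the layout printed by `firewall-cmd --zone=public --list-all`.

# Constructed sample listing (not captured from a real host).
SAMPLE_ZONE=$(cat <<'EOF'
public (default, active)
  interfaces: enp0s3
  sources:
  services: dhcpv6-client ssh
  ports: 631/tcp 53/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
EOF
)

# Print the values of one "key: v1 v2" line, one value per line.
# The anchor keeps "ports" from matching "forward-ports".
zone_field() {  # $1 = key, stdin = listing
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | tr -s ' ' '\n' | sed '/^$/d'
}

# Print every service not in the allowlist and every explicitly opened port.
audit_zone() {  # $1 = listing text, $2 = space-separated allowed services
    listing=$1
    allowed=" $2 "
    extra=""
    for svc in $(printf '%s\n' "$listing" | zone_field services); do
        case "$allowed" in
            *" $svc "*) ;;                       # expected service
            *) extra="$extra service:$svc" ;;    # unexpected service
        esac
    done
    for port in $(printf '%s\n' "$listing" | zone_field ports); do
        extra="$extra port:$port"                # ports are never implied
    done
    printf '%s\n' "${extra# }"
}

# Treat SSH as unwanted, as the reply suggests for hosts that do not need it.
audit_zone "$SAMPLE_ZONE" "dhcpv6-client"
```

On a live host, pass `"$(firewall-cmd --zone=public --list-all)"` as the first argument instead of the sample.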