LinuxQuestions.org
Old 04-30-2018, 10:34 AM   #1
rtome
LQ Newbie
 
Registered: Mar 2009
Posts: 2

Rep: Reputation: 0
Iptables and firewalld problem


Hello,

I'm new on CentOS server and I'm trying to disable firewalld and work with iptables.

So I read about it and did the following:

Disable firewalld; this is my systemctl status firewalld:

● firewalld.service
Loaded: masked (/dev/null; bad)
Active: inactive (dead)

And this is my iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:domain state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain state NEW,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:domain state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:domain state ESTABLISHED


Why is my DNS not working? I do not understand.
 
Old 04-30-2018, 03:04 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
In your INPUT chain you have:
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

You then have your other statements below that but that one is saying reject everything so nothing gets to the other rules in that chain. You need to make the above rule the LAST one in your INPUT chain.

You also want to verify domain = port 53 in /etc/services. (It normally is but checking doesn't hurt.)

You really ought to learn to do firewalld - it isn't that difficult. I use it on my DNS server running RHEL7.
 
1 members found this post helpful.
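
The rule-ordering problem described in the reply above, as an added example that is not part of the original thread: a small checker that reads `iptables -S` output and reports rules placed after an unconditional ACCEPT/DROP/REJECT in the same chain. The function names are hypothetical, and the sample is a constructed `iptables -S` rendering of the poster's INPUT chain, assuming the bare "ACCEPT all" line is the stock loopback rule (`-i lo`), which plain `iptables -L` does not display.

```shell
#!/bin/sh
# iptables walks a chain top to bottom and stops at the first rule whose
# target is ACCEPT, DROP or REJECT, so rules after a catch-all never run.

# Reads `iptables -S` output on stdin; prints one line per unreachable rule.
find_shadowed() {
    awk '
        $1 != "-A" { next }                  # skip -P / -N lines
        ($2 in blocker) {                    # this chain already hit a catch-all
            printf "%s: unreachable: %s (shadowed by: %s)\n", $2, $0, blocker[$2]
            next
        }
        # "-A CHAIN -j TARGET ..." carries no match criteria before -j
        $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/ { blocker[$2] = $0 }
    '
}

# The fix from the reply: emit every catch-all rule after all other rules.
move_catchall_last() {
    awk '
        $1 == "-A" && $3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/ { held[++n] = $0; next }
        { print }
        END { for (i = 1; i <= n; i++) print held[i] }
    '
}

# Constructed sample (assumption: third rule is the loopback accept).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}

echo "As posted:";        sample_rules | find_shadowed
echo "REJECT moved last:"; sample_rules | move_catchall_last | find_shadowed
```

On a live host the same check is `iptables -S | find_shadowed` run as root. Checking `-S` (or `-L -v`) rather than plain `-L` matters because plain `-L` hides interface matches, which makes an interface-restricted rule look like a catch-all.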
Old 05-01-2018, 09:37 AM   #3
rtome
LQ Newbie
 
Registered: Mar 2009
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks man!!!

I did not see this rule, or rather, I saw but did not notice that it affected the other.

I have done some rules with firewalld but I'm studying to do the LFCE exam so I'm testing a lot of things.
 
  

