firewall
Alexey, 2020-09-13 18:36:59

How to block access to the DNS port (53) from the entire Internet except my own network on CentOS 8?

Good afternoon!
Please tell me how the rules in firewalld should be written to block incoming packets on port 53 from the entire Internet except for your own network, with the ability to add other networks to the allowed subnets.
Thanks


2 answer(s)
Alexey, 2020-09-14
@kerner

Found a solution to my issue.
CentOS 8 uses the firewalld add-on to manage iptables.
To solve my problem:
1. I found out the name of the default zone using the command
sudo firewall-cmd --get-default-zone
2. With the command sudo firewall-cmd --list-all --zone="<name of the default zone obtained in the previous step>" I saw the basic settings of firewalld.
I looked at the services line and saw dns there.
This means the ports for this service are open to everyone.
To remove dns from public access, type the command sudo firewall-cmd --zone=public --remove-service=dns --permanent

3. Using rich rules, we define an access list for our subnet
(I know that the mask is wide, but I'm too lazy to figure out which IP my provider will give me next time)
An example of such a rule: firewall-cmd --add-rich-rule='rule family="ipv4" source address="93.0.0.0/8" service name="dns" accept' --permanent
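The steps above as one script, added here as an example and not part of the original answer: it removes the zone-wide dns service, adds one rich rule per allowed subnet (so new networks are just extra lines in the list), and reloads, which --permanent changes need before they take effect. It assumes the zone is "public" as in the answer; the subnet list is constructed, and nothing is applied unless APPLY=1 (otherwise the commands are only printed).

```shell
#!/bin/sh
# Added example: build and optionally apply a firewalld DNS allow-list.
# Assumptions: zone "public" (from the answer); subnet list is constructed.
set -eu

ZONE="${ZONE:-public}"
# Constructed allow-list, one CIDR per line. 93.0.0.0/8 is the poster's value.
ALLOWED_SUBNETS="93.0.0.0/8
10.0.0.0/8"

# Accept only dotted-quad/prefix so a typo cannot turn into a bad rule.
valid_cidr() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Rich rule accepting the dns service (tcp/53 and udp/53) from one subnet.
dns_rich_rule() {
  printf 'rule family="ipv4" source address="%s" service name="dns" accept' "$1"
}

# Run firewall-cmd for real only when APPLY=1; otherwise print the command.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "+ $*"; fi
}

# Drop the zone-wide dns service, allow it per subnet, then reload.
apply_dns_allowlist() {
  # Only remove the service if it is actually enabled (avoids NOT_ENABLED).
  if [ "${APPLY:-0}" != 1 ] || firewall-cmd --permanent --zone="$ZONE" --query-service=dns >/dev/null 2>&1; then
    run firewall-cmd --permanent --zone="$ZONE" --remove-service=dns
  fi
  echo "$ALLOWED_SUBNETS" | while IFS= read -r net; do
    [ -n "$net" ] || continue
    valid_cidr "$net" || { echo "skipping invalid subnet: $net" >&2; continue; }
    run firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$(dns_rich_rule "$net")"
  done
  # Permanent changes are not active until the runtime config is reloaded.
  run firewall-cmd --reload
}

apply_dns_allowlist
```

After applying, sudo firewall-cmd --zone=public --list-rich-rules shows the per-subnet rules and --list-services should no longer contain dns.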

Vladimir Korotenko, 2020-09-13
@firedragon

Google first link, scroll halfway
https://netpoint-dc.com/blog/centos-7-firewalld/#:... .
