CentOS7 firewall?

scottalanmiller

@coliver said:

@johnhooks said:

@coliver said:

@johnhooks said:

@anonymous said:

@JaredBusch I see. But why would you decrease security out of the box? That seems strange to do....

The firewall is still there (iptables) they just removed the management interface for some reason.

I thought CentOS 7 used Firewalld and not IPTables?

From what I've understood firewalld uses iptables, just makes it easier to manage. Kind of like ufw on Ubuntu.

It seems like they are two different applications but there isn't much info about it on the Fedora wiki.

https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Dynamic_firewall_with_FirewallD

http://www.firewalld.org/

If you look at the project itself, they self describe as a management tool, not as a firewall.

JaredBusch

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

coliver

@scottalanmiller said:

@coliver said:

@johnhooks said:

@coliver said:

@johnhooks said:

@anonymous said:

@JaredBusch I see. But why would you decrease security out of the box? That seems strange to do....

The firewall is still there (iptables) they just removed the management interface for some reason.

I thought CentOS 7 used Firewalld and not IPTables?

From what I've understood firewalld uses iptables, just makes it easier to manage. Kind of like ufw on Ubuntu.

It seems like they are two different applications but there isn't much info about it on the Fedora wiki.

https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/#Dynamic_firewall_with_FirewallD

http://www.firewalld.org/

If you look at the project itself, they self describe as a management tool, not as a firewall.

That's what I was looking for. Thanks.

Ok right from their main page - apparently my Google Fu isn't very good today:

Support for iptables, ip6tables, ebtables firewall backends

Alex Sage

@JaredBusch said:

no, it is not installed at all see my above screen shot..

He is talking about iptables...

JaredBusch

And it is there in the minimal from DVD ISO.. So that is bad on CentOS for not having minimal be the same.

https://i.imgur.com/WjxQaYT.jpg

Alex Sage

@JaredBusch Can you see what else is missing?

Alex Sage

Need to know if I need to rebuild all my servers

Alex Sage

So I guess the lesson I learned is always use the full DVD???

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

The firewall (iptables) is installed according to @anonymous screen shot. And on a new build from an hour ago that I am testing. But firewalld (the management tool) is not. But iptables won't start, which is the bigger problem. It looks like no scripts for starting it are installed.

MattSpeller

@anonymous said:

So I guess the lesson I learned is always use the full DVD???

Or at least be really sure of whats on each version

Alex Sage

@MattSpeller a minimal install should be minimal install regardless of media used.

scottalanmiller

@anonymous said:

@MattSpeller Minimal should be Minimal regardless of media used.

Should definitely be the same.

JaredBusch

@JaredBusch said:

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

and wow that post keeps moving down..

scottalanmiller

The current status is that a default minimal install leaves the system exposed. My only guess is that they decided that with the move to a new management interface that they decided that people needed to choose which to install before moving forward no matter what?

MattSpeller

@anonymous said:

@MattSpeller a minimal install should be minimal install regardless of media used.

Ah I didn't understand that was the issue, thought you were doing full install from full media

scottalanmiller

@JaredBusch said:

@JaredBusch said:

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

and wow that post keeps moving down..

Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.

Alex Sage

Should we contact someone about this? Does anyone care? It seems like a huge security problem to me, but I tend to over react

scottalanmiller

@anonymous said:

Need to know if I need to rebuild all my servers

Just install the firewalld component, I would assume.

JaredBusch

@scottalanmiller said:

@JaredBusch said:

@JaredBusch said:

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

and wow that post keeps moving down..

Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.

did an F5 and it stopped doing that.

scottalanmiller

@JaredBusch said:

@scottalanmiller said:

@JaredBusch said:

@JaredBusch said:

@scottalanmiller said:

@anonymous said:

@scottalanmiller But it is no firewall is running by default

Ah, it is installed but not running.

no, it is not installed at all see my above screen shot..

and wow that post keeps moving down..

Yeah, I htought that you were posting it over and over. Then I realized it just woudn't leave teh bottom . Very odd.

did an F5 and it stopped doing that.

Yeah, same here. Very weird that we both got the same glitch and it appeared to be on the client side!