
Thread replies: 11
Thread images: 1

File: file.png (16KB, 740x85px)
Today I learned that firewalld will silently fail when you run docker, because of NetworkManager and dbus cancer
What are some good alternatives for firewalld and NetworkManager? running CentOS and ufw and shorewall are in the repos

https://github.com/moby/moby/issues/16137
>>
learn iptables like a real man
>>
>>60036535
that's not webscale, dipshit
>>
>>60035653
Docker's the real cancer.
>>
>>60036718
then configure it with ansible or salt or chef or something like that

learning iptables isn't even that hard. -A for append, -I for insert and -D for delete, then --dport 22 for ssh or whatever, --proto tcp is self explanatory, -j ACCEPT or -j DROP based on whether you want to allow it or not. netfilter will run down the rules in the table from top to bottom until one matches. So insert a few accept rules at the top then append a catchall -j DROP at the end. Add your stuff for allowing already-established connections and you're good. Only table you need is INPUT, or -j DNAT if you know what you're doing. iptables is easy as fuck and we've already determined that firewalld sucks dick
>>
>>60037005
OP here, I will be looking into this. It indeed doesn't look too difficult.

But any replacement for that bloated shit NetworkManager?
>>
>>60035653
Install ufw.
>>
>>60037205
honestly? delete networkmanager and set your shit up with ifconfig/iwconfig/wpasupplicant as is the custom. Nobody actually uses the shit that the freedesktop people are so autistic over.
>>
>>60037205
I dunno about network manager, but here's the standard iptables setup. It should be (hopefully) understandable enough that you can adapt it to your situation
iptables -F # clear ALL the rules (only the filter table; the default INPUT policy stays ACCEPT, so you can't lock yourself out while building)
iptables -I INPUT --proto tcp --dport 80 -j ACCEPT # allow http
iptables -I INPUT --proto tcp --dport 22 -j ACCEPT # allow ssh
# you NEED these next two rules, don't ask why
# (the first keeps replies to your own outbound connections flowing, the second keeps local services talking to each other)
iptables -I INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT # match on the loopback interface, not on a 127/8 source address that a packet arriving on eth0 could carry
# so far we've been inserting rules at the top of the INPUT chain. This -A appends the rule to the end, so if a packet didn't match any of the first four rules, it will be dropped.
iptables -A INPUT -j DROP
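The two replies above describe the same thing: -I puts a rule at the top, -A puts it at the bottom, and netfilter takes the first rule that matches. The following is an added example (not code from the thread, and not iptables itself) that models exactly those semantics for an INPUT chain, builds the posted ruleset in the order it is typed, and then shows two things the prose only implies: what happens when the allow rules are appended after the catch-all DROP, and why `-i lo` is a tighter loopback rule than a 127/8 source match. The Packet and Rule classes and all sample packets are constructed for this example; the kernel's own conntrack and martian handling are not modelled.

```python
"""Simulate first-match evaluation of an iptables INPUT chain.

Added example; not code from the thread or from iptables. Models what the replies
describe: -I inserts at the top, -A appends at the bottom, and the chain is walked
from the top until one rule matches. Packet/Rule fields and all sample packets are
constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on ("eth0", "lo")
    src: str                # source IP address
    proto: str              # "tcp", "udp", "icmp"
    dport: Optional[int]    # destination port, None for protocols without one
    ctstate: str            # conntrack state: NEW, ESTABLISHED, RELATED, INVALID


@dataclass(frozen=True)
class Rule:
    target: str                                 # -j ACCEPT / -j DROP
    iface: Optional[str] = None                 # -i
    src_net: Optional[str] = None               # -s (CIDR)
    proto: Optional[str] = None                 # --proto
    dport: Optional[int] = None                 # --dport
    ctstates: Optional[FrozenSet[str]] = None   # -m conntrack --ctstate

    def matches(self, pkt: Packet) -> bool:
        """Every option given on the rule must hold; options left unset match anything."""
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.src_net is not None and ip_address(pkt.src) not in ip_network(self.src_net, strict=False):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.ctstates is not None and pkt.ctstate not in self.ctstates:
            return False
        return True


class Chain:
    """Ordered rule list plus the policy that applies when no rule matches."""

    def __init__(self, policy: str = "ACCEPT"):   # iptables' default INPUT policy is ACCEPT
        self.policy = policy
        self.rules: List[Rule] = []

    def insert(self, rule: Rule) -> None:   # iptables -I INPUT ... (no rule number => position 1)
        self.rules.insert(0, rule)

    def append(self, rule: Rule) -> None:   # iptables -A INPUT ...
        self.rules.append(rule)

    def verdict(self, pkt: Packet) -> str:
        """Walk top to bottom; the first matching rule decides, otherwise the policy does."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.target
        return self.policy


ESTABLISHED_RELATED = frozenset({"ESTABLISHED", "RELATED"})


def thread_ruleset() -> Chain:
    """The posted script in the order it is typed: four -I rules, then one -A DROP."""
    c = Chain()
    c.insert(Rule("ACCEPT", proto="tcp", dport=80))
    c.insert(Rule("ACCEPT", proto="tcp", dport=22))
    c.insert(Rule("ACCEPT", ctstates=ESTABLISHED_RELATED))
    c.insert(Rule("ACCEPT", iface="lo"))
    c.append(Rule("DROP"))
    return c


def appended_after_drop_ruleset() -> Chain:
    """Common mistake: the catch-all DROP goes in first and the allow is appended *below* it."""
    c = Chain()
    c.append(Rule("DROP"))
    c.append(Rule("ACCEPT", proto="tcp", dport=22))   # never reached: DROP matches first
    return c


# Constructed sample packets (documentation addresses, not real hosts).
SSH_NEW = Packet("eth0", "203.0.113.7", "tcp", 22, "NEW")
HTTP_NEW = Packet("eth0", "203.0.113.7", "tcp", 80, "NEW")
SMTP_NEW = Packet("eth0", "203.0.113.7", "tcp", 25, "NEW")
DNS_REPLY = Packet("eth0", "198.51.100.53", "udp", 40123, "ESTABLISHED")  # answer to our own query
LOCAL = Packet("lo", "127.0.0.1", "tcp", 5432, "NEW")                      # local client to local DB


def evaluate(chain: Chain) -> dict:
    """Verdict for each sample packet, keyed by a short label."""
    samples = {"ssh": SSH_NEW, "http": HTTP_NEW, "smtp": SMTP_NEW, "dns_reply": DNS_REPLY, "local": LOCAL}
    return {name: chain.verdict(pkt) for name, pkt in samples.items()}


def loopback_rule_comparison() -> dict:
    """A 127/8 *source* match also fires for a packet that arrived on eth0 but carries a
    loopback source; an *interface* match does not. (The kernel normally discards such
    martians on its own, but the firewall rule should not be the thing relying on that.)"""
    odd = Packet("eth0", "127.0.0.1", "tcp", 5432, "NEW")
    by_source, by_iface = Chain(), Chain()
    by_source.insert(Rule("ACCEPT", src_net="127.0.0.0/8")); by_source.append(Rule("DROP"))
    by_iface.insert(Rule("ACCEPT", iface="lo")); by_iface.append(Rule("DROP"))
    return {"-s 127.0.0.0/8": by_source.verdict(odd), "-i lo": by_iface.verdict(odd)}


if __name__ == "__main__":
    print("thread order:", evaluate(thread_ruleset()))
    print("allow appended after DROP:", evaluate(appended_after_drop_ruleset()))
    print("loopback rule:", loopback_rule_comparison())
```

Running it shows the posted order accepting ssh, http, the DNS reply and the local connection while dropping the unsolicited SMTP packet; the mistaken order drops ssh even though an allow rule exists, because the DROP above it matches first. That second case is the thing to double-check with `iptables -S INPUT` before you run this over an ssh session.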
>>
>>60037276
>set your shit up with ifconfig/iwconfig/wpasupplicant as is the custom
CentOS comes by default with NetworkManager, that's why I was running it in the first place. Alpine uses /etc/network/interfaces, which is really comfy, but it's not there on CentOS
>>
>>60036718
No shit that's why you use configuration management to abstract it. Like someone else mentioned, use Puppet, Chef, Ansible, Salt, etc.