Firewalld Cloudflare Proxy Whitelisting
But again, my suspicion is that it would be the order of priority that makes it all fall apart.
MIGHT be able to fix that, if you insist on the two drop rules.
47 Replies
You can literally do whatever you prefer in that regard.
E.g.:
- Add logging to the two drop rules
- Remove the drop rules (and hope the default LogDenied=all catches them)
Whatever you prefer that way is up to you.
So I have to remove these:
and add yours
Those should be fine, for logging what it drops there.
Okay
But if that doesn't help you, e.g. that it is still not logging anything, I'd suggest adding the priorities like above.
Okay
Normally, I'm not running with that firewall-cmd thing though.
But AFAIK, priority=1 should win over e.g. priority=32767 in the example above.
E.g. lowest number comes first and wins, just like e.g. MX records.
yes
Yes thanks
I like firewalld more because it's the only one that really works and also looks very good, but the syntax is a bit yea. It's packed with features x3
Well
I would probably hold back with your continuous mention of "the only one that really works" and such stuff.
It's only just shouting PEBKAC.
It looks like that it works
drop log, or priority?
Yes
uhhh both
Just Cloudflare Proxy is getting through and everything else is blocked
:loveHeartHug: thanks
I'll also mention everything of that and yea also document it so I can understand it more, thank you
nvmd nmap still says that 80 and 443 is open
From where are you nmap'ing?
From my Laptop
Local Device and Network
Sitting at the same LAN?
nop
Hm, wait a minute...
Okay :0047k3lly_think:
Are you nmap'ing through IPv4 or IPv6?
uhh both
but I guess more IPv4
And I also added IPv6 dropping
Seems like failed to copy your IPv6 drop rules above
(And adjusting etc. in my examples)
I just did that:
Do you still have:
?
Nop I never added that
Because that was just for the local servers I have
It was in the originally posted .txt in #general-discussions though.
(But yeah, only holding RFC1918 addresses there)
Yes this txt file is idk 1-2 Years old and it still has the same typos :BL_TanaLaugh:
It's currently looking like that
Could it be because I added the ports?
like firewall-cmd --permanent --add-port=80
They are not in your list there?
It's there:
I would somehow suppose these ports override everything, yeah.
Hm still saying open
Still appearing under ports: with that --info-zone command?
Strange yes
oh nvmd forgot to add permanent
:Facepalm:
hm but still
I also removed the services
Ahhhh looks like it's dropping now
So it seems fine?
Cloudflare allowed in, but everything else dropped?
Yes
Great. 🙂
Thank you :loveHeartHug:
Should you want something that logs the HTTP(S) attempts to the above, you can simply add a logging directive with a priority that is lower than 32767, but greater than 1. 🙂
Okay thank you ^^
You're welcome. Glad I could help.
Do you know some good courses for firewalld, or just the documentation?
I don't know about any courses, no.
Normally I would just stick to the official documentations for things (not specific to firewalld, or any other kind of firewall).
And if that somehow fails with the official documentation, I would move on with e.g. Googling the issue, to see if something similar / close enough is popping up.
Okay o.o