Monday, December 8, 2014

CentOS 7 Firewalld zone configuration for private web application


I have read all the man pages related to firewalld and also explored all of the files that come pre-installed in firewalld before it is configured. How can I configure the zones of the firewall to provide maximal security for a private web application?


Here is the use case:



1.) Twenty known users will have http/https access to the web application from specific machines.
2.) One administrator will have remote ssh login access.
3.) The app will send and receive SSL email.
4.) The app includes a database.
5.) All usage not described in steps 1 through 4 will be blocked.


My understanding is that I need to add interfaces to one or more zones, then add services to the zones that have interfaces. I also see that I can add source IP addresses to zones. I also see that I can use rich rules to define the configurations. But I have never configured a firewall before. Can someone show me how to translate the use case above into specific zones/interfaces/services/sources in firewalld on a remote CentOS 7 web server?


Also, /etc/firewalld/firewalld.conf says that the default zone is public. What should the default zone be?
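One way to express the use case above as firewalld zones, as an added example that is not part of the question and not firewalld project documentation. It assumes two custom source-based zones (`webusers` for the twenty user machines, `admin` for the administrator's workstation), uses `drop` as the default zone so that anything not matched by a source is discarded, and relies on firewalld binding an interface with no explicit `ZONE=` setting to the default zone. The client and admin addresses are constructed samples from documentation ranges. The script only prints the `firewall-cmd` commands unless it is invoked as root with `--apply`, so the order of operations can be reviewed first; the default zone is switched to `drop` only after the permanent zones have been reloaded into the runtime configuration, because `--set-default-zone` takes effect immediately and switching it before the `admin` zone exists at runtime would block new ssh logins.

```shell
#!/usr/bin/env bash
# Added example: firewalld zone layout for a private web application.
# Assumptions (not from the question): zone names webusers/admin, the
# database listens only on localhost, and mail is sent/fetched outbound.
set -eu

ADMIN_IP="203.0.113.10"                   # constructed sample: admin workstation
CLIENT_IPS="198.51.100.0/24 192.0.2.15"   # constructed sample: the users' machines

# Emit the configuration as one firewall-cmd command per line.
gen_rules() {
  # Item 1: http/https only, and only from the known user machines.
  echo "firewall-cmd --permanent --new-zone=webusers"
  for ip in $CLIENT_IPS; do
    echo "firewall-cmd --permanent --zone=webusers --add-source=$ip"
  done
  echo "firewall-cmd --permanent --zone=webusers --add-service=http"
  echo "firewall-cmd --permanent --zone=webusers --add-service=https"

  # Item 2: ssh only from the administrator's address.
  echo "firewall-cmd --permanent --new-zone=admin"
  echo "firewall-cmd --permanent --zone=admin --add-source=$ADMIN_IP"
  echo "firewall-cmd --permanent --zone=admin --add-service=ssh"

  # Item 3: firewalld zones filter incoming connections; outbound SMTP/IMAP
  # over TLS initiated by the app needs no rule. Only if the app must accept
  # inbound mail delivery would a port be added to a source-restricted zone.
  # Item 4: a database bound to 127.0.0.1 needs no inbound rule either.

  # Load the permanent zones into the runtime configuration first, then make
  # drop the default so item 5 (block everything else) holds for all traffic
  # that matched no source. Sources are checked before interfaces, so the
  # user and admin zones still win for their addresses.
  echo "firewall-cmd --reload"
  echo "firewall-cmd --set-default-zone=drop"
}

# Return the number of distinct source addresses that will be granted access.
count_sources() {
  gen_rules | grep -c -- '--add-source='
}

if [ "${1:-}" = "--apply" ]; then
  # Run as root on the CentOS 7 host; each line is executed in order.
  gen_rules | while read -r cmd; do
    echo "+ $cmd"
    eval "$cmd"
  done
else
  gen_rules
fi
```

Adapt `CLIENT_IPS` and `ADMIN_IP` to the real machines; if the server's interface is pinned to a zone through `ZONE=` in its ifcfg file, that setting overrides the default zone and must be set to `drop` as well.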


