firewalld by default does not allow packets that are dropped. In some cases, you need to find out if some packet is being dropped or not. For doing so you may want to enable logging of dropped packets with the following command:
sudo firewall-cmd --set-log-denied=all
This will enable logging all the packets and help you figure out if firewalld is dropping the packet.
It is good practice to keep iptables/firewall enabled. But configuring it is difficult, do you agree. Not any more 🙂
sudo yum install firewall-config
This will install a GUI application, which you can run with “Firewall” application in the dash or with “firewall-config” in terminal. It is pretty straight forward to use this tool, even if you don’t have much knowledge on Firewall/iptables.
Last couple of years, I just used to disable iptables on my system, this time I decided not to disable it and keep it enabled.
So far so good, now comes the tricky part, I have http server enabled on my system and since this is on local network with already firewall and other security in place so I can allow all incoming to my system and similarly I need to enable XDMCP outgoing. So, I can add the rules like this :
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A OUTPUT -p udp -s 0/0 -d 0/0 --dport 177 -j ACCEPT for XDMCP
This works only till I reboot my system and is not persistent. Okay, so I can put this in rc.local file. But why I should do that, there should be more elegnant way. So, I searched and finally found that I can simply put the rules in /etc/sysconfig/iptables as follows:
-A INPUT -p tcp –dport 22 -j ACCEPT
-A OUTPUT -p udp -s 0/0 -d 0/0 --dport 177 -j ACCEPT for XDMCP