Firewall packages?

I can’t find any mention of firewall configuration in the documentation.

I can’t find any packages apart from iptables

For example it would me handy to have ufw, since iptables is very obtuse to configure.

Clear Linux has no firewall when you install it. By default, all ports are open. By default, only SSH is listening.

What is your firewall use case?

Running a server, I just wanted to block all incoming + outgoing connections on all ports except the services I’m running. I’m reading up on iptables at the moment anyway, but one complication is Docker creates a bunch of iptables rules so I’ll have to boot up with Docker disabled, create and save the rules, and enable it again.

I wasn’t sure where to save the rules file, but I found /usr/lib/systemd/system/iptables-restore.service which loads from /etc/iptables.rules. I guess this should be documented somewhere eventually :slight_smile:

@ljmccarthy fair enough. Those locations/commands are part of iptables and not too unique to CL, so documentation for it hasn’t been a high priority for it so far. I added a request to get it documented though:

1 Like

These are standard and come from upstream. man iptables-save to start. Follow the SEE ALSO references therein to related documents.

Pls, how to install any firewall gui?

debian, ubuntu, fedora, suse …
this is not a problem!

gufw is a frontend to ufw which I’ve decided NOT to include. ufw is too debian/ubuntu centric to integrate nicely and would likely be too much work to include.

Instead, we will have firewalld available within a few days. This still likely needs to be polished up a bit so please help by test and give feedback on the firewalld bundle once it becomes available. We will look into adding firewall-config at a later point in time when it all works OK.


I will try it out when it lands. Cheers

Hi,i tried firewalld ,enabled the daemon and is running but have failure whenI check the status:

sudo firewall-cmd --state

because not find //etc/firewalld/firewalld.conf.
Now im back to iptables but I will to try here something to copy to /etc… or to create this config file manual?

The missing /etc file message is more dramatic than it seems and doesn’t directly cause the failed firewalld state. The fix is merged upstream and pending a new release, more details here:

4 posts were split to a new topic: Firewalld missing nft errors