Hi,

I’m currently implementing some firewall rules around my internet-facing
zones using fwadm. Two questions:

1) By default outgoing traffic is allowed. It seems like I need to
explicitly block every port/protocol if I want to block outgoing traffic.
Is it somehow possible to block all outgoing traffic with exceptions (and
possibly stateful)?

2) Are fwadm rules supposed to work for lx branded zones? I cannot seem to
get them working: they get added and are enabled, but the rules are not
applied, see below. (The 722b… zone is a SmartOS zone where the rules are
working.)


# fwadm list
UUID                                 ENABLED RULE
692b5409-3616-4f68-b140-7fc2af6b1884 true    FROM vm 722b3073-e771-6217-cc5d-a30f4fdd7ff3 TO vm 23d8f7a0-6451-623c-dc9a-b5e46314f7ed ALLOW tcp PORT 8080

# fwadm vms 692b5409-3616-4f68-b140-7fc2af6b1884
23d8f7a0-6451-623c-dc9a-b5e46314f7ed

# ipfstat -nio -G 23d8f7a0-6451-623c-dc9a-b5e46314f7ed
@1 pass out quick proto tcp from any to any flags S/SA keep state
@2 pass out proto tcp from any to any
@3 pass out proto udp from any to any keep state
@4 pass out quick proto icmp from any to any keep state
@5 pass out proto icmp from any to any
@1 pass in quick proto icmp from any to any icmp-type echo code 0
@2 block in all

Thanks,
Eric Ripa

-------------------------------------------
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now