Firewalld policy

1 post / 0 new
#1 Mon, 01/07/2019 - 13:16
Raymondworld

Firewalld policy

Hello

After installing virtualmin using the install.sh script I found out with pleasure that firewalld was already activated and settled up, however checking out the policy used I noticed in the public zone (which is set as default zone) some things I do not understand.

I see the rule type "service" for ssh, dhcpv6-client, smtp, smtps,ftp, pop3, pop3s, imap, imaps, http, https..

Then I see that several ports and port ranges rules, but some are overlapping other rules

Port 587 as far as I know is used fot MSA mail, I do not see other rule covering this (unless is covered by smtp service rule) so should be fine I guess.

Port 53 is for DNS, this rule is set twice, once for TCP and once for UDP, why set up this two port rules instead of setting up the DNS service rule?

Port 20 is for FTP, why have the port allowed with a rule if there is already the FTP service rule covering it?

Port 2222 TCP allowed, what is this port allowed for?

Then I see TCP port range from 10000 to 10100 allowed, webmin needs port 10000, why all the others? Port 20000 TCP allowed, that is for usermin, ok.

Then I see a rule which I understand much less, port range from 1025 to 65535 allowed for tcp, practically almost every port and overlapping several other rules, why is that rule there?

Thank you Regards Ray