Amazon Linux 2 embedded Firewall


Hello,

I'm looking for guidance on configuring firewalld on Amazon Linux 2.

I've been migrating some of our internal services to the Amazon Linux 2 AMI and encountered some connectivity issues. During the investigation it seems that Amazon Linux 2 is running the firewalld service on the instance, and this is the default configuration:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client
  ports: 1433/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

What should I be doing here? I already have networking configured at the VPC level, as well as via security groups... should I be disabling firewalld?

Should I be switching it to the 'trusted' zone?

Is this the intentional base configuration?

Thanks,
Paul

PaulG
asked 6 years ago, 7169 views
1 Answer

I have a new Amazon Linux 2 up and running and it doesn't seem to have any type of firewall running. I also checked the installed packages, and while the firewalld.noarch package is available to install, it is not installed by default. Maybe your user-init script is installing it, or maybe there is a third-party service installing it for you, but I don't think it should be there by default.

Anyway, my personal thoughts are that between NACLs and Security Groups a host-based firewall is probably overkill. We don't run any such software on our instances, and I don't think I've ever heard a recommendation from AWS that it might be necessary.

answered 6 years ago
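Added example (not from the question, the answer or Amazon): before deciding whether to disable firewalld or move to the 'trusted' zone, it helps to reconcile the zone listing from the question with the ingress the security group is supposed to admit. The service-to-port mapping is a hypothetical shortcut; on a real host the authoritative definitions live in the firewalld service XML files.

```python
"""Reconcile a firewalld zone listing with expected security-group ingress."""

# Constructed input: the `firewall-cmd --list-all` output shown in the question.
ZONE_LISTING = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client
  ports: 1433/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""

# Hypothetical minimal mapping of firewalld service names to (port, proto).
SERVICE_PORTS = {
    "ssh": {("22", "tcp")},
    "dhcpv6-client": {("546", "udp")},
}


def parse_zone(listing):
    """Return (zone name, target, set of (port, proto) the zone opens)."""
    lines = listing.splitlines()
    zone = lines[0].split()[0]
    fields = {}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        fields[key] = value.split()
    opened = set()
    for svc in fields.get("services", []):
        opened |= SERVICE_PORTS.get(svc, set())
    for entry in fields.get("ports", []):
        port, _, proto = entry.partition("/")
        opened.add((port, proto))
    return zone, fields.get("target", [""])[0], opened


def reconcile(listing, sg_ingress):
    """sg_ingress: set of (port, proto) the security group admits.
    Returns (ports the SG allows but the zone drops -> the asker's symptom,
             ports the zone opens that the SG never admits -> stale host rules)."""
    _, target, opened = parse_zone(listing)
    if target == "ACCEPT":  # e.g. the 'trusted' zone: the host drops nothing
        return set(), opened - sg_ingress
    return sg_ingress - opened, opened - sg_ingress
```

A non-empty first set is exactly the case where the security group lets traffic in but the host firewall still drops it; a non-empty second set (here 1433/tcp, which the security group in this scenario does not admit) is a host rule worth tracing back to whatever provisioning step added it.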
