From Fedora Project Wiki
Description
This test case checks that the default configuration of the system firewall for the Server product is as required in the Server/Technical_Specification.
How to test
- Install the Fedora Server release you wish to test, in graphical or text mode, with one or more server roles selected, and without doing anything otherwise to affect firewall configuration.
- Boot the installed system, and check the firewall configuration:
sudo iptables -L -v
is the most detailed and 'close to the metal' way to check, but its output may be too complex to understand readily
sudo firewall-cmd --list-all [--zone <zone>]
should list active services and open ports in the default or specified firewall zone (e.g. 'FedoraServer', 'home', 'public', etc.)
sudo firewall-cmd --get-zone-of-interface=<interface>
should return which zone an interface is in
- To do a functional test, you can manually attempt to connect to various ports with a telnet or netcat-like utility from another system, or use a port scanning tool only if you are the admin for both systems and the network itself or have permission from the relevant admin(s)
Expected Results
- The firewall should be configured as specified in the Server/Technical_Specification#Firewall - that is, the ssh and Cockpit ports must be open, and the only other ports that may be open are those associated with the role(s) deployed during installation and dhcpv6-client (which is needed for IPv6 operation).
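The expected result above can be checked mechanically against the `firewall-cmd --list-all` output. The script below is an added example, not part of the original test case: `check_zone`, `sample_default` and `sample_drifted` are hypothetical names, and the two samples are constructed in the layout firewall-cmd prints rather than captured from a real system.

```shell
#!/bin/sh
# check_zone [ROLE_ENTRY...]: reads `firewall-cmd --list-all` output on stdin.
# ROLE_ENTRY is a service name or port/proto opened by a deployed role.
# Returns 0 when ssh and cockpit are open and nothing else is open beyond
# dhcpv6-client and the role entries; prints each deviation and returns 1.
check_zone() {
    allowed="ssh cockpit dhcpv6-client $*"
    input=$(cat)
    # Values after "services:" and "ports:"; the anchored pattern skips
    # the "forward-ports:" and "source-ports:" lines.
    services=$(printf '%s\n' "$input" | sed -n 's/^[[:space:]]*services:[[:space:]]*//p')
    ports=$(printf '%s\n' "$input" | sed -n 's/^[[:space:]]*ports:[[:space:]]*//p')
    rc=0
    for required in ssh cockpit; do
        case " $services " in
            *" $required "*) ;;
            *) echo "FAIL: required service '$required' is not open"; rc=1 ;;
        esac
    done
    for entry in $services $ports; do
        case " $allowed " in
            *" $entry "*) ;;
            *) echo "FAIL: '$entry' is open but not in the specification"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed samples (not captured output from a real install).
sample_default() {
    cat <<'EOF'
FedoraServer (active)
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports:
  forward-ports:
EOF
}
sample_drifted() {
    cat <<'EOF'
FedoraServer (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client samba ssh
  ports: 8080/tcp
  forward-ports:
EOF
}

sample_default | check_zone && echo "PASS: default sample"
sample_drifted | check_zone || echo "drifted sample rejected"
```

On an installed system, pipe the real output in and name what the deployed role opens, for example `sudo firewall-cmd --list-all | check_zone postgresql`.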