Firewall-cmd of Lesson 40



Working on Firewall-cmd in Lesson 40. I do not understand why curl allows access to the web server from the local machine but not from a remote computer to the same URL. This is concerning because, in the LFCS exam, we will only have access to a single host terminal and so need a reliable way to test firewall rules.


firewall-cmd is configured to block http, https services and port 80. However, it forwards port 8080 to port 80:

root@SandBox1:~# firewall-cmd --list-all
public (default, active)
  interfaces: ens160
  services: dhcpv6-client mysql ssh
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  rich rules:

Web server is running on port 80:

root@SandBox1:~# netstat -anp | grep apache2
tcp        0      0    *               LISTEN      2424/apache2


Why does curl on the same host return a web page when port 80 is blocked? If I try to curl from a different machine, I get the expected behavior - Port 80: No route to host.

Best Regards



  • dlwillson
    dlwillson Posts: 2
    edited June 2017

    During the exam, you have access to your own machine, and you can test from there.

  • coop
    coop Posts: 915
    edited June 2017


    I don't actually know specific exam content (I'm not allowed to) but I would doubt firewalld stuff is on the exam as firewalls are covered more thoroughly in LFS211 and are more appropriate in the LFCE exam, not LFCS. Also, firewalld is still not as widely used and requires manual installation on some of the older systems the exam is given on as it was not yet in the packaging system.

    192.168.1.x is always a system on the local network; are all the systems you are talking about on the local network? (192.168.1.x is a reserved address and not visible from the Internet). Are you saying the firewall is not working when everything is on your workstation or laptop? I'd have to check, but the OS/kernel is smart enough to sense such things (it does it for routing for example) and uses loopback networking etc. But I don't offhand know about firewalls. Can anyone comment?
