linux redhat 7 ( or centos 7 ) + firewalld mask the firewall

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I want to block the user to start the firewall on Linux machines
so I want to use mask on servers as the following:



systemctl mask firewalld


regarding that, I have few questions.



I see that when mask the firewall service its creates a symbolic link of the firewall.service to /dev/null, thus disabling the service.



So where is the location of the service that point to /dev/null (Path of the service that point to /dev/null)?



second



Masking the firewall is nice option to block users to start the firewall service, but as all know user can do unmask and then start the service.



Any advice on if we have other strong option from mask?




linux rhel iptables firewall services




share|improve this question






















  • Quick & effective post optimization checklist. I think it would be useful for you.
    – peterh
    Nov 29 '17 at 15:07















up vote
0
down vote

favorite












I want to block the user to start the firewall on Linux machines
so I want to use mask on servers as the following:



systemctl mask firewalld


regarding that, I have few questions.



I see that when mask the firewall service its creates a symbolic link of the firewall.service to /dev/null, thus disabling the service.



So where is the location of the service that point to /dev/null (Path of the service that point to /dev/null)?



second



Masking the firewall is nice option to block users to start the firewall service, but as all know user can do unmask and then start the service.



Any advice on if we have other strong option from mask?




linux rhel iptables firewall services




share|improve this question






















  • Quick & effective post optimization checklist. I think it would be useful for you.
    – peterh
    Nov 29 '17 at 15:07













up vote
0
down vote

favorite









up vote
0
down vote

favorite











I want to block the user to start the firewall on Linux machines
so I want to use mask on servers as the following:



systemctl mask firewalld


regarding that, I have few questions.



I see that when mask the firewall service its creates a symbolic link of the firewall.service to /dev/null, thus disabling the service.



So where is the location of the service that point to /dev/null (Path of the service that point to /dev/null)?



second



Masking the firewall is nice option to block users to start the firewall service, but as all know user can do unmask and then start the service.



Any advice on if we have other strong option from mask?




linux rhel iptables firewall services




share|improve this question














I want to block the user to start the firewall on Linux machines
so I want to use mask on servers as the following:



systemctl mask firewalld


regarding that, I have few questions.



I see that when mask the firewall service its creates a symbolic link of the firewall.service to /dev/null, thus disabling the service.



So where is the location of the service that point to /dev/null (Path of the service that point to /dev/null)?



second



Masking the firewall is nice option to block users to start the firewall service, but as all know user can do unmask and then start the service.



Any advice on if we have other strong option from mask?





linux rhel iptables firewall services





share|improve this question













share|improve this question




share|improve this question








edited Nov 29 '17 at 15:36









Vlastimil

6,4411147119




6,4411147119










asked Nov 29 '17 at 12:46









yael

2,0301145




2,0301145











  • Quick & effective post optimization checklist. I think it would be useful for you.
    – peterh
    Nov 29 '17 at 15:07

















  • Quick & effective post optimization checklist. I think it would be useful for you.
    – peterh
    Nov 29 '17 at 15:07
















Quick & effective post optimization checklist. I think it would be useful for you.
– peterh
Nov 29 '17 at 15:07





Quick & effective post optimization checklist. I think it would be useful for you.
– peterh
Nov 29 '17 at 15:07











1 Answer
1






active

oldest

votes

















up vote
2
down vote



accepted










As I understand the question, the users you are talking about have root access (since they can unmask a service). In this case there's nothing you can do. If you want your users not to enable a service, don't give them privileged access.



About your first point, the firewalld service is defined in /usr/lib/systemd/system/firewalld.service.






share|improve this answer






















  • so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
    – yael
    Nov 29 '17 at 13:01










  • I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
    – dr01
    Nov 30 '17 at 16:03











Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f407734%2flinux-redhat-7-or-centos-7-firewalld-mask-the-firewall%23new-answer', 'question_page');

);

Post as a guest

















1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote



accepted










As I understand the question, the users you are talking about have root access (since they can unmask a service). In this case there's nothing you can do. If you want your users not to enable a service, don't give them privileged access.



About your first point, the firewalld service is defined in /usr/lib/systemd/system/firewalld.service.






share|improve this answer






















  • so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
    – yael
    Nov 29 '17 at 13:01










  • I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
    – dr01
    Nov 30 '17 at 16:03















up vote
2
down vote



accepted










As I understand the question, the users you are talking about have root access (since they can unmask a service). In this case there's nothing you can do. If you want your users not to enable a service, don't give them privileged access.



About your first point, the firewalld service is defined in /usr/lib/systemd/system/firewalld.service.






share|improve this answer






















  • so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
    – yael
    Nov 29 '17 at 13:01










  • I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
    – dr01
    Nov 30 '17 at 16:03













up vote
2
down vote



accepted







up vote
2
down vote



accepted






As I understand the question, the users you are talking about have root access (since they can unmask a service). In this case there's nothing you can do. If you want your users not to enable a service, don't give them privileged access.



About your first point, the firewalld service is defined in /usr/lib/systemd/system/firewalld.service.






share|improve this answer














As I understand the question, the users you are talking about have root access (since they can unmask a service). In this case there's nothing you can do. If you want your users not to enable a service, don't give them privileged access.



About your first point, the firewalld service is defined in /usr/lib/systemd/system/firewalld.service.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 29 '17 at 13:48

























answered Nov 29 '17 at 12:53









dr01

15.3k114769




15.3k114769











  • so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
    – yael
    Nov 29 '17 at 13:01










  • I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
    – dr01
    Nov 30 '17 at 16:03

















  • so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
    – yael
    Nov 29 '17 at 13:01










  • I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
    – dr01
    Nov 30 '17 at 16:03
















so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
– yael
Nov 29 '17 at 13:01




so what about the location of the service that point to /dev/null ( PATH of the service that point to /dev/null )
– yael
Nov 29 '17 at 13:01












I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
– dr01
Nov 30 '17 at 16:03





I answered in the post above. If it helped you please consider accepting the answer. This will mark your question as solved for future readers, and will also prevent closure & deletion of your question.
– dr01
Nov 30 '17 at 16:03


















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f407734%2flinux-redhat-7-or-centos-7-firewalld-mask-the-firewall%23new-answer', 'question_page');

);

Post as a guest
































































-

Popular posts from this blog

Peggy Mitchell

Image
EastEnders character This article is about the soap opera character. For the British tennis player, see Peggy Michell. For the author, see Margaret Mitchell. Peggy Mitchell Barbara Windsor as Peggy Mitchell (2008) EastEnders character Portrayed by Jo Warne (1991) Barbara Windsor (1994–2016) Duration 1991, 1994–2010, 2013–2016 First appearance Episode 650 30 April 1991  ( 1991-04-30 ) Last appearance Episode 5286 17 May 2016  ( 2016-05-17 ) (appearance) Episode 5287 19 May 2016 (voiceover) Introduced by Michael Ferguson (1991) Barbara Emile (1994) Louise Berridge (2004) Kate Harwood (2005) Lorraine Newman (2013) Dominic Treadwell-Collins (2014) Spin-off appearances The Mitchells - Naked Truths (1998) Classification Former; regular Profile Other names Peggy Butcher Occupation Barmaid Businesswoman Pub landlady Jo Warne as Peggy Mitchell (1991) Family Family Mitchell Father Jack Martin Mother Lily Martin Sisters Aunt ...
Read more

Palaiologos

Image
Palaiologos Παλαιολόγος Palaeologus, Palaeologue Imperial Family Double-headed eagle with the family cypher Country Byzantine Empire, Duchy of Montferrat (remaining lineage after Empire annexed by Ottomans) Founded 11th century  ( 11th century ) Founder Nikephoros Palaiologos (first known) Final ruler Constantine XI Palaiologos (Byzantine Empire) Margaret Paleologa (Montferrat) Titles Byzantine Emperor Marquess of Montferrat Style(s) "Augustus" "Basileus" "Autokrator" Traditions Greek Orthodoxy (predominantly) Roman Catholicism (remaining lineage in Montferrat) Dissolution 1533  ( 1533 ) Cadet branches Claimants: House of Kastrioti (defunct) House of Rurik (defunct) Palaiologan dynasty Chronology Michael VIII 1259–1282 with Andronikos II as co-emperor, 1261–1282 Andronikos II 1282–1328 with Michael IX (1294–1320) and Andronikos III (1321–1328) as co-emperors Andronikos III 1328–1341 John...
Read more

The Forum (Inglewood, California)

Image
The Forum "LA Forum" Prairie Ave. façade of The Forum in 2014 Full name The Forum, presented by Chase Former names The Forum (1967–1988) Great Western Forum (1988–2003) Address 3900 W. Manchester Blvd Location Inglewood, California Coordinates Coordinates: 33°57′29″N 118°20′31″W  /  33.95806°N 118.34194°W  / 33.95806; -118.34194 Public transit     Downtown Inglewood station Owner The Madison Square Garden Company Operator MSG Entertainment Seating type Reserved Capacity 17,500 Half-bowl: 8,000 Construction Broke ground July 1, 1966  ( 1966-07-01 ) Opened December 30, 1967  ( 1967-12-30 ) Renovated 1988, 2012–2014 Construction cost $16 million Renovation: 2014: $76.5 million Architect Charles Luckman Associates (original) Brisbin Brook Beynon (renovation) Structural engineer Johnson & Nielsen Associates (original) Severud Associates (renovation) Genera...
Read more