Why am I able to telnet to my machine on port 80 when I do not have http or port 80 opened and there are no services listening on port 80?
sudo firewall-cmd --list-all --zone=public
public (active)
target: default
icmp-block-inversion: no
interfaces: em1
sources:
services: dhcpv6-client ssh
ports: 12345/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
I've tried to remove the port but it says it's not in the active zone, so shouldn't my telnet connections be rejected?
sudo firewall-cmd --zone=public --remove-port=80/tcp
Warning: NOT_ENABLED: '80:tcp' not in 'public'
I've double checked and I do not have the iptables service running, only firewalld is running. I'm still not understanding why the iptables command exists or why the iptables file is updated by firewall-cmd commands.
I even tried the "old school" method of just dropping all incoming traffic with:
sudo iptables --policy INPUT DROP
But still telnet to port 80 comes through.
sudo iptables --policy INPUT DROP: this by itself doesn't actually block anything and only changes what happens last to packets that do not match any rule in the current firewall. But please take a step back: how do you "telnet to my machine on port 80"? Because you wouldn't be the first one to forget that their host.example.com FQDN isn't directly associated with the server itself and directs to, for example, a load balancer or CDN such as Cloudflare... And what happens when you actually write out an HTTP request in your telnet session? Also: https://serverfault.com/a/1109720/984089 – diya Oct 10 '22 at 12:30
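The comment above suggests two checks before blaming the firewall: confirm that the name you are connecting to actually resolves to an address owned by this machine, and look at what answers when you send a real HTTP request. The script below is an added example that is not part of the question or the comments; it performs both checks from the host itself using only the standard library. The bind-based locality test (only addresses this machine owns can be bound), the three result states, and the loopback stand-in listener used for demonstration are all this example's own choices, not something the page describes.

```python
import socket
import threading


def resolve(host):
    """Resolve a hostname to its first IPv4 address (an IP literal is returned as-is)."""
    return socket.gethostbyname(host)


def is_local_address(ip):
    """True if this machine owns `ip`.

    A socket can only be bound to an address that is configured on a local
    interface, so a failed bind() means the name points somewhere else
    (e.g. a load balancer or CDN in front of the server).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((ip, 0))
        return True
    except OSError:
        return False
    finally:
        sock.close()


def probe(ip, port, request=None, timeout=2.0):
    """TCP-connect to ip:port and optionally send a request.

    Returns (state, banner) where state is one of:
      "filtered" - connect timed out: the typical signature of a DROP rule
      "refused"  - RST received: nothing listening, or a REJECT rule
      "open"     - the handshake completed, so *something* accepted it
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
    except ConnectionRefusedError:
        sock.close()
        return "refused", ""
    except socket.timeout:
        sock.close()
        return "filtered", ""
    try:
        if request is None:
            return "open", ""
        sock.sendall(request)
        return "open", sock.recv(1024).decode(errors="replace")
    except (socket.timeout, ConnectionResetError):
        return "open", ""
    finally:
        sock.close()


def diagnose(host, port, request=b"GET / HTTP/1.0\r\n\r\n"):
    """Combine the checks: where does the name go, and what answers there?"""
    ip = resolve(host)
    state, banner = probe(ip, port, request)
    return {"ip": ip, "local": is_local_address(ip), "state": state, "banner": banner}


def start_stand_in_listener():
    """Constructed stand-in for a web server on loopback; returns its port.

    It answers one request with a minimal HTTP response so the example runs
    offline without a real httpd.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(1024)
            conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 0\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_port():
    """A loopback port with nothing listening (constructed 'refused' case)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    port = sock.getsockname()[1]
    sock.close()
    return port


if __name__ == "__main__":
    print(diagnose("127.0.0.1", start_stand_in_listener()))  # local, open, HTTP banner
    print(diagnose("127.0.0.1", free_port()))                # local, refused
```

Run it against the real name and port 80 with `diagnose("host.example.com", 80)`: if `local` comes back False, the connection you see in telnet never reaches this host's firewall at all; if it is True and the state is "open", some process on this machine is accepting the connection and the banner shows which one answered. A "filtered" result is what a DROP rule or policy produces, and "refused" is what you get from a REJECT rule or from a closed port.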