Hi,

everything you wanna do can be done with firewalld, and much easier than with susefirewall, even more so because you don't have to worry about IPv4 / IPv6.

Let me write up something about what you want to do when it's not half past eleven at night... :)

Cheers
MH

On Saturday, 24 August 2019, 23:17:11 CEST, Freek de Kruijf wrote:
On Tuesday, 25 June 2019 17:00:05 CEST, Patrick Shanahan wrote:
* Patrick Shanahan <paka@opensuse.org> [06-25-19 10:57]:
* Freek de Kruijf <freek@opensuse.org> [06-25-19 10:16]:
Now that the date is near when SuSEfirewall2 will be removed, I finally looked into what firewalld is offering.
It took some time to get more familiar with firewalld. I have some specific requirements. The firewall log should be available for parsing to report unwanted access to dshield.org.
Still I do not understand all the particulars of the elements in firewalld. Even the concept of a zone is still unclear to me. A simple concept is that an interface is connected/belongs to a zone. So in my case the eth0 interface, which is connected to the local network, but is also a server connected to the internet via a router with a NAT firewall should be in the zone external, the default zone.
However I would like to make exceptions for the systems in my local network. The question is how to do that. There is a zone trusted or something similar. Should I enter the source addresses of the systems in that local network in such a zone?
Furthermore, I want services like ssh, smtp, smtps, imaps, etc. to be accessible from all over the world, but not imap, only from the local network. I also want ACCEPT messages for these services in the firewall log, but, for ssh, I want to limit access to 3 per minute and also limited logging.
Any ideas how to configure firewalld with rich rules?
*Mathias Homann*
Mathias.Homann@openSUSE:.org[1]
irc: [Lemmy] @ freenode, ircnet
obs: lemmy04
*gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102*

--------
[1] mailto:Mathias.Homann@eregion.de