On 3/17/21 1:42 PM, Gustav Degreef wrote:
Hello,
I read with great interest the entire recent thread "Possible malware?" and tried to make sure that I set my firewall (firewalld) to block all ssh connections from outside my home LAN. My ISP provides access via cable modem and I set up my own router.
There are 3-4 laptops running opensuse 15.x (and 2 android phones) on my home network (addresses configured with DHCP) and I log in periodically via ssh (as user, not root) to the other computers to fix various issues.
Via the yast2 firewall configuration I set only the "public", "internal" and "home" zones to have ssh as an allowed service. The "external" and other zones do not have ssh allowed.
I read quite a few articles on the firewall configuration, but I am not sure that I set it right. Is there anything else I should do? Thanks, Gustav.
Gustav,

I've always liked iptables and managing the rules directly. For example, here is a reasonably helpful page.

https://www.digitalocean.com/community/tutorials/iptables-essentials-common-...

The reason I prefer managing the rules directly is that it eliminates the question of whether the front-end you are using is actually doing what you think you are telling it to do. I always found it took about equal time to either look up how to do something in iptables directly or to mess with a firewall front-end and figure out what it thinks a zone is and if this zone is really being applied in the way I think it is.

Don't get me wrong, I'm not against front-ends and openSUSE has done a good job with firewalld (shorewall before that, etc...), but if you use more than one distribution, you may have to learn multiple front-ends. The documentation for firewalld is reasonably good:

https://firewalld.org/documentation/

Those are the basic pros/cons as I see it. Whichever you use, it just takes time (like anything else) to wade through the documentation and examples to the point where you are comfortable with what it is doing and how to configure it for your needs.

--
David C. Rankin, J.D.,P.E.
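
An added example, not part of either message above: one way to check what the front-end is actually applying is to read `firewall-cmd --list-all-zones` and report only the zones that both allow ssh and are active, since a zone's services matter only for the interfaces or sources bound to it. The function name, the sample zone listing and the interface name `wlan0` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `firewall-cmd --list-all-zones`
# output on stdin and prints each ACTIVE zone that allows the ssh service,
# with the interfaces and sources bound to it.
ssh_exposed_zones() {
    awk '
        # Zone headers start in column 1, e.g. "public (active)" or "home".
        /^[^ \t]/ {
            zone = $1
            active = ($0 ~ /\([^)]*active[^)]*\)/)
            ifaces = ""; srcs = ""
            next
        }
        # Indented "key: values" lines belong to the current zone.
        $1 == "interfaces:" { $1 = ""; sub(/^ +/, ""); ifaces = $0; next }
        $1 == "sources:"    { $1 = ""; sub(/^ +/, ""); srcs = $0; next }
        $1 == "services:" {
            for (i = 2; i <= NF; i++)
                if ($i == "ssh" && active)
                    printf "%s interfaces=[%s] sources=[%s]\n", zone, ifaces, srcs
        }
    '
}

# Constructed sample listing: ssh allowed in "home" and "public", not in
# "external"; only "public" has an interface bound to it.
sample_zones() {
    cat <<'EOF'
external
  target: default
  interfaces:
  sources:
  services:
  masquerade: yes

home
  target: default
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh

public (active)
  target: default
  interfaces: wlan0
  sources:
  services: dhcpv6-client ssh
EOF
}

# On a live system: firewall-cmd --list-all-zones | ssh_exposed_zones
sample_zones | ssh_exposed_zones
```
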