Op maandag 24 april 2023 14:48:42 CEST schreef Bengt Gördén:
On 2023-04-24 14:16, Carlos E. R. wrote:
firewall-cmd --permanent --zone=public --add-rich-rule='rule familty="ipv6" source mac="AA:BB:CC:DD:EE:FF" reject'
Without 'family="ipv6"', the rule works. An attempt to ssh from outside doesn't work (it stalls). On LAN, it works.
Really hope you prefaced the "family" with --. Neither you nor Andrei did.
Between the quotes after --add-rich-rule=, you don't use --. So the used syntax of the rule by Carlos is right. I studied the manual and found that ordering of these rules is important. But I believe that implementing this rule is faulty. It should check whether the packet contains a field which indicates IPv6 and if so if the source mac address contains the given value, if so the package should be dropped. -- fr.gr. member openSUSE Freek de Kruijf