Per Jessen wrote:
Well, I have no explanation, but it certainly looks very different on Leap, with sfw2 installed (vanilla config, but not enabled or running).
On my first attempt, no issues with _rpc_ or h323whatever and I'm seeing your boatload of rich rules being added too. Runtime 14minutes.
Total runtime with '-c' was 24 minutes. I removed the ipv6 bits and the port-ranges (30000-something). Looking at the iptables setup created/committed, it doesn't seem to be complete. I look for e.g. your rules concerning ports 514 or 5060, and I don't find any. None of all the rich rules with specific hosts. Operator error I expect. I cleared out whatever was created and I'm now running the script again, with '-c'. I'll check back in 25min. -- Per Jessen, Zürich (17.5°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes