Re: [oS-en] Testing the new configuration of firewalld

26 Apr 2023


      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Tuesday, 2023-04-25 at 23:22 +0200, Bengt Gördén wrote:
...
On 2023-04-25 22:58, Carlos E. R. wrote:
...
rule family="ipv6" source address="fc00::/64" port port="5353" protocol="udp" accept
      rule family="ipv6" source address="fe80::/64" port port="5353" protocol="udp" accept
I have this comment on my "/etc/sysconfig/SuSEfirewall2" file, from which 
they werre translated to the above two lines:

# fe80::/64,udp,5353  - autoconf broadcast from printer
#fc00
# Posible entrada desde internet al ssh
FW_SERVICES_ACCEPT_EXT="192.168.1.14/24,_rpc_,nfs       192.168.1.15/24,_rpc_,nfs       192.168.1.129/24,_rpc_,nfs      \
                         fe80::/64,udp,5353              fc00::/64,udp,5353      \
                         192.168.1.0/24,tcp,80           192.168.1.0/24,tcp,22   \
                         0/0,tcp,22,,hitcount=3,blockseconds=100,recentname=ssh"

Ie, I wrote that probably to silence noise in the log from a printer 
broadcast, or to have some autoconf feature from the printer working.
...
Whats the output of
ip6tables-save
Isengard:/etc/firewalld/zones # ip6tables-save
# Generated by ip6tables-save v1.8.7 on Wed Apr 26 02:17:33 2023
*raw
:PREROUTING ACCEPT [14175:19377794]
:OUTPUT ACCEPT [9470:17375360]
COMMIT
# Completed on Wed Apr 26 02:17:33 2023
# Generated by ip6tables-save v1.8.7 on Wed Apr 26 02:17:33 2023
*security
:INPUT ACCEPT [12058:19236084]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9470:17375360]
COMMIT
# Completed on Wed Apr 26 02:17:33 2023
# Generated by ip6tables-save v1.8.7 on Wed Apr 26 02:17:33 2023
*nat
:PREROUTING ACCEPT [2050:136843]
:INPUT ACCEPT [18:1343]
:OUTPUT ACCEPT [37:4315]
:POSTROUTING ACCEPT [37:4315]
COMMIT
# Completed on Wed Apr 26 02:17:33 2023
# Generated by ip6tables-save v1.8.7 on Wed Apr 26 02:17:33 2023
*mangle
:PREROUTING ACCEPT [14175:19377794]
:INPUT ACCEPT [14089:19371371]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9470:17375360]
:POSTROUTING ACCEPT [9475:17375810]
COMMIT
# Completed on Wed Apr 26 02:17:33 2023
# Generated by ip6tables-save v1.8.7 on Wed Apr 26 02:17:33 2023
*filter
:INPUT ACCEPT [14033:19362332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9470:17375360]
- -A INPUT -p udp -m udp --dport 546 -j ACCEPT
- -A INPUT -p udp -m udp --dport 5353 -m pkttype --pkt-type multicast -j ACCEPT
COMMIT
# Completed on Wed Apr 26 02:17:33 2023
Isengard:/etc/firewalld/zones #

- -- 
Cheers,
        Carlos E. R.
        (from openSUSE 15.4 x86_64 at Telcontar)

-----BEGIN PGP SIGNATURE-----

iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZEhwKhwccm9iaW4ubGlz
dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfViOoAn3xz/8HFm65pDigqM8uu
VsDrKLDIAJ0fTXHqWYtddI+Gkgl17nz4yrBoTw==
=r3T6
-----END PGP SIGNATURE-----