![](https://seccdn.libravatar.org/avatar/9435667f7160374bc34a8600b686aecd.jpg?s=120&d=mm&r=g)
On 17.03.2021 21:42, Gustav Degreef wrote:
Hello,
I read with great interest the entire recent thread "Possible malware?" and tried to make sure that I set my firewall (firewalld) to block all ssh connections from outside my home LAN. My ISP provides access via cable modem and I set up my own router.
There are 3-4 laptops running opensuse 15.x (and 2 android phones) on my home network (adresses configured with DHCP) and I log in periodically via ssh (as user, not root) to the other computers to fix various issues.
If you control DHCP server or have static DHCP range that is possible. If your DHCP range is dynamically allocated by your ISP, there is no simple way to do it (you simply do not know in advance what is "home network").
Via the yast2 firewall configuration I set only the "public", "internal" and "home" zones to have ssh as an allowed service. The "external" and other zones do not have ssh allowed.
Zone configuration is only relevant if this zone is actually used. I.e. either interface or source (IP range/MAC/ipset) are bound to this zone.
I read quite a few articles on the firewall configuration, but I am not sure that I set it right. Is there anything else I should do?
Assuming one of zones you mentioned is actually used (I believe default is public) and you only allowed incoming SSH connections in this zone, you allowed them from any address, not only from your home network.