Carlos E. R. wrote:
On 2023-04-29 08:54, Per Jessen wrote:
Carlos E. R. wrote:
Ah, found where I got the trick for acrobat:
] Date: Sun, 17 Apr 2005 18:52:27 +0200 ] From: nordi ] To: suse-security@ ] Subject: Re: [suse-security] How to block Acroread 7 with SuSE FW2? ] ] In order to block that traffic you could make the acroread executable ] SGID 'acro' and then block all traffic coming from group 'acro'. ] Iptables has an option for doing this by using the --gid-owner option. ] Of course that works only with a local firewall.
Interesting. Well, thanks for the explanation, at least you can get rid of that now.
Yep. I had forgotten about it. Still, we can find out how it is translated to firewalld.
Might be good for laugh, I suppose. No doubt a rich rule.
Of course - the question is _why_ you chose to be so restrictive with traffic between your _own_ machines. I too restrict certain (groups of) machines, e.g. unknown wifi devices, but I would never go to the level of restricting individual intrnal machines.
Oh, I said that before: because I did not trust Telefónica router.
It sounds much more like you didn't trust your own machines.
They considered NAT to be all that was needed.
Which it almost certainly was. Did you have any traffic penetrate that NAT-wall ? -- Per Jessen, Zürich (18.9°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes