25 Apr 2023 06:30
On Tue, Apr 25, 2023 at 9:15 AM Carlos E. R. <robin.listas@telefonica.net> wrote:
> Well, in all machines except one I think I can block both IPv4 and 6. But there is one machine, the server, that must accept incoming attempts on ssh and http on IPv4 at least. And from what I have seen in my test machine, it will be blocked.
> Maybe another rich rule to accept on those two ports?
Use
rule priority="10" ...
to order this rule after the normal "allow" chain. Any positive number will do.
Or you can switch to iptables backend so that family="ipv6" works.
Actually, considering that the "public" zone blocks everything by default, you do not need any explicit rule at all.
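
The ordering effect of a positive priority, as an added example that is not part of the original message: a simplified Python model of one firewalld zone, not firewalld's own code. It assumes the zone's sub-chains are evaluated in the order pre, log, deny, allow, post with the first verdict winning; the rule dictionaries, the catch-all IPv4 drop rule and the "reject" zone default are constructed for illustration.

```python
# Added illustration: simplified model of rule ordering inside one firewalld zone.
# Assumption: sub-chains are evaluated pre -> log -> deny -> allow -> post and the
# first accept/drop/reject verdict ends evaluation.
CHAIN_ORDER = ["pre", "log", "deny", "allow", "post"]


def chain_for(rule):
    """Choose the sub-chain from the rule's priority, then from its action."""
    prio = rule.get("priority", 0)
    if prio < 0:
        return "pre"
    if prio > 0:
        return "post"
    if rule["action"] == "log":
        return "log"
    return "allow" if rule["action"] == "accept" else "deny"


def build_zone(rules):
    chains = {name: [] for name in CHAIN_ORDER}
    for rule in rules:
        chains[chain_for(rule)].append(rule)
    for name in ("pre", "post"):  # lower priority value is evaluated first
        chains[name].sort(key=lambda r: r["priority"])
    return chains


def verdict(chains, packet, default="reject"):
    """Return the first terminating action that matches, else the zone default."""
    for name in CHAIN_ORDER:
        for rule in chains[name]:
            family_ok = rule.get("family") in (None, packet["family"])
            port_ok = rule.get("port") in (None, packet["port"])
            if family_ok and port_ok and rule["action"] != "log":
                return rule["action"]
    return default


# Constructed sample rules: ssh and http services plus a catch-all IPv4 drop.
SERVICES = [{"action": "accept", "port": 22}, {"action": "accept", "port": 80}]


def server_zone(block_priority):
    block = {"action": "drop", "family": "ipv4", "priority": block_priority}
    return build_zone(SERVICES + [block])


SSH = {"family": "ipv4", "port": 22}
SMTP = {"family": "ipv4", "port": 25}
if __name__ == "__main__":
    for prio in (0, 10):
        zone = server_zone(prio)
        print(prio, verdict(zone, SSH), verdict(zone, SMTP))
```

In this model the drop rule at priority 0 lands in the deny chain and shadows the ssh and http services, while at priority 10 it lands in the post chain and only catches what the services did not accept.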