Carlos E. R. wrote:
I don't understand what the next block is. Do I really need it?
<icmp-block name="this-and-that"/>
I presume it was migrated from your SFW2 setup, so I guess you needed it previously.
I never wrote those. They must be default rules.
Maybe check one of your other machines still using SFW2. You ought to see a long list of rules targeting those icmps.
Oh, I have the file of this machine intact.
Isengard:/etc/firewalld/zones # grep -i address-unreachable /etc/sysconfig/SuSEfirewall2 Isengard:/etc/firewalld/zones #
The reference is not there, it has to be some default.
That is not a safe way to determine it. The issue is - if it is a default, it is in the migration script and that would be weird. Try running "iptables --list -n" and maybe grep for 'icmp' For comparison, from my opensuse mirror: jensen:~ # iptables --list -n| grep icmp ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 2/sec burst 5 DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 -- Per Jessen, Zürich (15.9°C) Member, openSUSE Heroes (2016 - present) We're hiring - https://en.opensuse.org/openSUSE:Heroes