* Patrick Shanahan
* Carlos E. R.
[02-27-19 06:22]: On 27/02/2019 12.12, Anton Aylward wrote:
Yes, there were certainly a number of systems that wrapped Shorewall into a very nice application for a dedicated box. I was never enamoured with the idea of a 'personal firewall' on each machine, since I'm a bit old school and agreed with 'the firewall is the network's response to poor host security', to quote some guru or other.
But that was then, this is now; many individuals at their workstations are either idiots or have had a passing bout of idiocy that opened them to an attack. They too need to be either isolated or given a 'personal firewall'.
Then, too, there are the 'single machine on the net' users.
So now I think differently. Professionally. But here I have a number of layers before getting to my host, and a lot of my processing isn't done on my host.
Remember that in today's house there are a lot of gadgets with Internet connectivity that we don't control fully. Say, the fridge.
Have you looked at https://software.opensuse.org/package/gufw
My setup is not simple.
My desktop firewall opens certain ports to only certain IPs, so that a visitor would not get automatic access. I don't see that feature in firewalld.
firewall-cmd --list-all-zones
firewall-cmd --zone=public --add-port=12345/tcp --permanent
firewall-cmd --zone=public --remove-port=12345/tcp --permanent
https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-... https://firewalld.org/documentation/
perhaps you need to look further (cmds are single lines):

Deny IPv4 traffic over TCP from host 192.168.1.10 to port 22.
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.10" port port=22 protocol=tcp reject'

Allow IPv4 traffic over TCP from host 10.1.0.3 to port 80, and forward it locally to port 6532.
firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=10.1.0.3 forward-port port=80 protocol=tcp to-port=6532'

Forward all IPv4 traffic on port 80 to port 8080 on host 172.31.4.2 (masquerade should be active on the zone).
firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080 to-addr=172.31.4.2'

--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
Registered Linux User #207535 @ http://linuxcounter.net
Photos: http://wahoo.no-ip.org/piwigo
paka @ IRCnet freenode
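The setup Carlos describes (a port reachable only from a short list of trusted addresses, so a visitor on the LAN gets nothing) is exactly what the rich rules above express. The script below is an added example, not code from anyone in this thread: it builds `accept` rich rules for one port from a list of IPv4 hosts or CIDR blocks, validates the addresses before they go anywhere near a command line, and only calls `firewall-cmd` when told to apply. The zone name, port and addresses in the usage line are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: open one port only to trusted sources
# with firewalld rich rules. Plain POSIX sh; firewall-cmd is only invoked
# by apply_rules.

# Accept a dotted-quad IPv4 address with an optional /prefix. Anything else
# is refused so a stray string can never become part of a rule.
valid_ipv4_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# rich_rule_allow SOURCE PORT PROTO -> one rich rule, no trailing newline.
rich_rule_allow() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$1" "$2" "$3"
}

# build_rules PORT PROTO SOURCE... -> one rule per line on stdout.
# Returns 1 (and prints nothing for it) if a source fails validation.
build_rules() {
    port=$1; proto=$2; shift 2
    for src in "$@"; do
        if ! valid_ipv4_cidr "$src"; then
            printf 'rejected source: %s\n' "$src" >&2
            return 1
        fi
        rich_rule_allow "$src" "$port" "$proto"
        printf '\n'
    done
}

# Count how many rules build_rules would install (handy for tests and dry runs).
count_rules() {
    build_rules "$@" | wc -l | tr -d ' '
}

# apply_rules ZONE PORT PROTO SOURCE... -> install permanently, then reload.
# The port must NOT also be opened zone-wide (--add-port / --add-service),
# or the source restriction in these rules is meaningless.
apply_rules() {
    zone=$1; shift
    build_rules "$@" | while IFS= read -r rule; do
        firewall-cmd --permanent --zone="$zone" --add-rich-rule "$rule"
    done
    firewall-cmd --reload
}

# Report whether the zone also opens the port generally; prints "open" or "closed".
# Example assumption: port given as 22/tcp.
zone_port_state() {
    zone=$1; portspec=$2
    if firewall-cmd --zone="$zone" --list-ports | tr ' ' '\n' | grep -qx "$portspec"; then
        echo open
    else
        echo closed
    fi
}

# Usage (assumed values):  sh restrict_port.sh apply public 22 tcp 192.168.1.10 10.0.0.0/24
if [ "${1:-}" = "apply" ]; then
    shift
    apply_rules "$@"
fi
```

After applying, check `firewall-cmd --zone=public --list-all`: the port should appear only under `rich rules`, not under `ports` or `services`. A zone with the default target rejects whatever the rich rules do not accept, so no explicit `reject` rule for "everyone else" is needed; the `--permanent` rules only take effect after the `--reload`.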