On 23.04.2023 15:56, Carlos E. R. wrote:
On 2023-04-23 13:56, Andrei Borzenkov wrote:
On 23.04.2023 14:06, Carlos E. R. wrote:
Well, so far nobody has chimed in on how to configure firewalld to refuse incoming connections from internet on IPv6,
I already told you - block incoming connections with source MAC address of your router.
You did, but not with firewalld. I don't know how to do that.
I just looked in my laptop with Beta, and could not find the GUI to configure firewalld, only the YaST module which is way too simple.
firewall-config is missing. Installed.
I see that the zone is set to "public".
ssh service is enabled. I tested that I can reach this machine from Internet to ssh.
Sorry, I have no idea how to achieve what you say.
You use rich rules.
    firewall-cmd --permanent --zone=public --add-rich-rule='rule source mac="AA:BB:CC:DD:EE:FF" reject'
This will reject any new packet coming from the router. It will do it before accepting SSH on port 22. This will still allow IPv6 RA from your router. It will block ICMPv4 so you may consider explicitly allowing it.
Personally I simply do not use IPv6 on the LAN (what's the point if I have IPv4 anyway) and block it except for a couple of ports.
I had a look at <https://firewalld.org/documentation/>. No clue how to do anything. I look for example, at an example section:
<https://firewalld.org/documentation/zone/examples.html>
with a bunch of XML things, instead of click on this menu, do this or that. Useless.
The GUI is nothing more than a rather simplistic XML editor, so if you understand the (XML) configuration you should have no problem with the GUI.
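
The rich rule suggested in this thread needs the router's MAC address. As an added example that is not part of the original messages, this sketch reads it from the neighbour table and prints the firewall-cmd line for it. The sample `ip -6 route show default` and `ip -6 neigh show` output is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: it only prints the command.
# Constructed sample output of `ip -6 route show default` and `ip -6 neigh show`.
SAMPLE_ROUTE='default via fe80::1 dev eth0 proto ra metric 100 pref medium'
SAMPLE_NEIGH='fe80::1 dev eth0 lladdr aa:bb:cc:dd:ee:ff router REACHABLE
fe80::2 dev eth0 lladdr 11:22:33:44:55:66 STALE'

# Print the next-hop address of the first default route in $1.
gateway_from_route() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Print the link-layer (MAC) address that neighbour table $1 holds for address $2.
mac_for_neighbour() {
    printf '%s\n' "$1" | awk -v gw="$2" '$1 == gw {
        for (i = 2; i < NF; i++) if ($i == "lladdr") { print toupper($(i + 1)); exit } }'
}

# Succeed only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rich-rule command from the thread for MAC $1 in zone $2 (default: public).
rich_rule_cmd() {
    valid_mac "$1" || { echo "invalid MAC: $1" >&2; return 1; }
    printf "firewall-cmd --permanent --zone=%s --add-rich-rule='rule source mac=\"%s\" reject'\n" \
        "${2:-public}" "$1"
}

# Live use: pass the real command output instead of the samples, run the
# printed line as root, then apply it with `firewall-cmd --reload`.
gw=$(gateway_from_route "$SAMPLE_ROUTE")
mac=$(mac_for_neighbour "$SAMPLE_NEIGH" "$gw")
rich_rule_cmd "$mac" public
```

After the reload, `firewall-cmd --zone=public --list-rich-rules` shows whether the rule is active.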