-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Forgot to send this the past night. On Tuesday, 2023-04-25 at 22:58 +0200, Carlos E. R. wrote: <0.4> 2023-04-29T00:25:49.693695+02:00 Isengard kernel - - - [1211886.836452][ C0] FINAL_REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.16 DST=192.168.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=23392 DF PROTO=UDP SPT=137 DPT=137 LEN=58 <0.4> 2023-04-29T00:25:51.697641+02:00 Isengard kernel - - - [1211888.843976][ C1] FINAL_REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.16 DST=192.168.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=23711 DF PROTO=UDP SPT=137 DPT=137 LEN=58 <0.4> 2023-04-29T00:25:52.701737+02:00 Isengard kernel - - - [1211889.844391][ C1] FINAL_REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.16 DST=192.168.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=23942 DF PROTO=UDP SPT=137 DPT=137 LEN=58 <0.4> 2023-04-29T00:25:53.701690+02:00 Isengard kernel - - - [1211890.845524][ C0] FINAL_REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.16 DST=192.168.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=24132 DF PROTO=UDP SPT=137 DPT=137 LEN=58 <0.4> 2023-04-29T00:25:54.701642+02:00 Isengard kernel - - - [1211891.846967][ C0] FINAL_REJECT: IN=eth0 OUT= MAC= SRC=192.168.1.16 DST=192.168.255.255 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=24241 DF PROTO=UDP SPT=138 DPT=138 LEN=191 192.168.1.16 is precissely Isengard. Port 137 is part of samba: cer@Telcontar:/usr/lib/firewalld/services> cat samba.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>Samba</short> <description>This option allows you to access and participate in Windows file and printer sharing networks. You need the samba package installed for this option to be useful.</description> <port protocol="udp" port="137"/> <port protocol="udp" port="138"/> <port protocol="tcp" port="139"/> <port protocol="tcp" port="445"/> <helper name="netbios-ns"/> </service> cer@Telcontar:/usr/lib/firewalld/services> I have samba allowed: <rule family="ipv4"> <source address="192.168.0.0/16"/> <protocol value="samba"/> <accept/> </rule> I must be missing something. But I neither see "137" nor "samba" in the output of "firewall-cmd --list-all". Isengard:/etc/firewalld/zones # firewall-cmd --list-all | grep "service name" rule family="ipv4" source address="192.168.0.0/16" service name="https" accept rule family="ipv4" source address="192.168.0.0/16" service name="http" accept rule family="ipv4" source address="192.168.0.0/16" service name="nfs" accept rule family="ipv4" source address="192.168.0.0/16" service name="dns" accept rule family="ipv4" source address="192.168.0.0/16" service name="ntp" accept rule family="ipv4" source address="192.168.0.0/16" service name="ssh" accept limit value="3/m" rule family="ipv4" source address="192.168.0.0/16" service name="mountd" accept rule family="ipv4" source address="192.168.0.0/16" service name="mdns" accept rule family="ipv4" source address="192.168.0.0/16" service name="nfs3" accept rule family="ipv4" source address="192.168.0.0/16" service name="rpc-bind" accept Isengard:/etc/firewalld/zones # I must be missing something, but I am tired. Damm! It is service name, not protocol value. Wrong copy paste. But the syntax check said nothing! Claims success and fails. Isengard:/etc/firewalld/zones # firewall-cmd --check-config && firewall-cmd --reload && date --rfc-3339=ns success success 2023-04-29 00:41:48.864776026+02:00 Isengard:/etc/firewalld/zones # firewall-cmd --list-all | grep samba rule family="ipv4" source address="192.168.0.0/16" service name="samba" accept Isengard:/etc/firewalld/zones # I don't like this firewalld... - -- Cheers, Carlos E. R. (from openSUSE 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZEzqGhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVQ1cAoIAxzbBd1+YDxeFVHiGj 2FzoVpaQAJ9qgoYMUySEVUPH5JXOjeYJLc7RRQ== =Dv4f -----END PGP SIGNATURE-----