On 2023-04-24 19:25, Andrei Borzenkov wrote:
On 24.04.2023 13:47, Carlos E. R. wrote:
Beta:/etc/firewalld/zones # firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv6" source mac="...:d4" reject'
success
Beta:/etc/firewalld/zones # firewall-cmd --list-rich-rules
Beta:/etc/firewalld/zones # less public.xml
Beta:/etc/firewalld/zones # firewall-cmd --reload
Error: Message recipient disconnected from message bus without replying
Beta:/etc/firewalld/zones #
In Tumbleweed it works correctly.
In Leap 15.4 with default nftables backend firewalld gets "unsupported family" and aborts. It does not happen in firewalld itself, but rather in supporting library used by firewalld. It works when using iptables backend.
Apparently nobody tried to define ipv6 rules so far in Leap.
Well, in all machines except one I think I can block both IPv4 and 6. But there is one machine, the server, that must accept incoming attempts on ssh and http on IPv4 at least. And from what I have seen in my test machine, it will be blocked. Maybe another rich rule to accept on those two ports?

--
Cheers / Saludos,
Carlos E. R.
(from 15.4 x86_64 at Telcontar)