On 2023-04-24 06:04, Andrei Borzenkov wrote:
On 23.04.2023 23:41, Carlos E. R. wrote:
Beta:~ # firewall-cmd --permanent --zone=public \
  --add-rich-rule='rule source mac="...:d4" reject'\
success
Beta:~ #
Then I try to ssh from Isengard to Beta, both IPv4 and IPv6. It works, as I expected.
You need to reload firewalld after changing permanent configuration.
And I probably missed family=ipv6
firewall-cmd --permanent --zone=public --add-rich-rule='rule familty="ipv6" source mac="AA:BB:CC:DD:EE:FF" reject'
Without 'family="ipv6"', the rule works. An attempt to ssh from outside doesn't work (it stalls). On LAN, it works. It is something.

Thanks.

Well, I'll have to migrate my machines to firewalld from SuSEfirewall2, now I have a good reason.

-- 
Cheers / Saludos,

Carlos E. R.
(from 15.4 x86_64 at Telcontar)
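The thread's point that a rule added with --permanent has no effect until firewalld is reloaded can be checked by comparing the permanent and runtime rule lists. The following is an added example, not part of the original messages; the function name and the FWCMD override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list rich rules that are saved in the
# permanent configuration of a zone but are not in the running firewall,
# i.e. rules that will not filter anything until "firewall-cmd --reload".

# FWCMD is a hypothetical override so the check can be pointed at another
# binary or a stub; by default the real firewall-cmd is used.
FWCMD="${FWCMD:-firewall-cmd}"

# pending_rich_rules [zone]
#   Prints one line per rich rule present in the permanent config but absent
#   at runtime. Returns 0 if none are pending, 1 if some are, 2 on error.
#   Assumes both listings print the rule in the same normalized form.
pending_rich_rules() {
    zone="${1:-public}"
    permanent=$($FWCMD --permanent --zone="$zone" --list-rich-rules) || return 2
    runtime=$($FWCMD --zone="$zone" --list-rich-rules) || return 2
    pending=0
    # One rule per line; look for each permanent rule in the runtime list
    # using a fixed-string, whole-line match.
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        if ! printf '%s\n' "$runtime" | grep -Fxq -- "$rule"; then
            printf 'not active until reload: %s\n' "$rule"
            pending=1
        fi
    done <<EOF
$permanent
EOF
    return "$pending"
}
```

Run `pending_rich_rules public` as root after adding a permanent rule; an empty result after `firewall-cmd --reload` confirms the rule is live.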