Mailinglist Archive: opensuse-factory (269 mails)

< Previous Next >
Re: [opensuse-factory] Package firewalld should not yet replace SuSEfirewall2 [SOLVED]
  • From: Freek de Kruijf <freek@xxxxxxxxxxxx>
  • Date: Mon, 02 Sep 2019 10:53:19 +0200
  • Message-id: <1913343.unBYlZTZR2@eiktum>
Op maandag 26 augustus 2019 11:45:30 CEST schreef Mathias Homann:
Am Sonntag, 25. August 2019, 14:53:36 CEST schrieb Freek de Kruijf:
Let me write up something about what you want to do when it's not half
past
eleven at night... :)

Dear Martin,

s/Martin/Mathias/ :)

I am patiently awaiting your your write up.

I put it on my blog:
https://www.tuxonline.tech/an-introduction-to-firewalld/

Cheers
MH

I found a comprehensive article about firewalld on this web page:

https://www.linuxjournal.com/content/understanding-firewalld-multi-zone-configurations

It explains the flow of packages through the firewall, which was the last
thing I did not understand about firewalld.

I finally decided to have two zones, internal and external. The zone internal
only has local source addresses, the addresses in my local network, 192.../24,
fe80::/8 and <ipv6-prefix>/48, which I got from my provider. The zone external
contains the only wired interface and is the default zone.

The internal zone accepts all the configured services without logging, the
external zone accepts a subset of these services, which are accepted by rich
rules with sometimes limited logging and sometimes limited accept rate.

--
fr.gr.

member openSUSE
Freek de Kruijf



--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >