On my Raspberry Pi 1B the latest JeOS Tumbleweed image, Snapshot20201209, is 
installed.
I want to use firewalld with the following deviations from the standard 
configuration given as firewall-cmd lines.

firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --permanent --zone=public --add-rich-rule='rule port port="22" protocol="tcp" log prefix="SFW2-INSSH " level="info" limit value="6/m" drop'
firewall-cmd --permanent --zone=internal --remove-service=samba-client
firewall-cmd --permanent --zone=internal --add-service=ssh
firewall-cmd --permanent --zone=internal --add-source=192.168.0.0/16
firewall-cmd --permanent --zone=internal --add-source=fe80::/16
firewall-cmd --permanent --zone=internal --add-source=83.x.y.z
firewall-cmd --permanent --zone=internal --add-source=2001:x:y:z::/48
firewall-cmd --permanent --zone=internal --add-source=2001:xx:yy:zz::/56
public is the default zone
The firewall blocks almost all traffic and allows ssh access from the listed 
IPv4 and IPv6 addresses in zone internal; some local, some from somewhere in 
the internet. The rich-rule keeps track of unwanted access to the ssh port.
When I reboot the system with the firewalld.service enabled I use "ip a" to 
list the IP addresses assigned to the interfaces lo: and eth0:
In this list eth0 does not have an IPv4 address. Also when I stop the 
firewalld service eth0 still does not get an IPv4 address. Only after a 
restart of the network service, eth0 gets an IPv4 address; no firewall active.
eth0 is configured (standard) to get an IPv4 address via DHCP.
Also router information "ip r" and /etc/resolv.conf do not contain IPv4 
addresses.

To investigate this further, I installed the latest JeOS Tumbleweed on 
my RPi4 and configured firewalld in the same way. This system does NOT show 
this wrong behavior.

I filed a bug report: https://bugzilla.opensuse.org/show_bug.cgi?id=1180231

-- 
fr.gr.

member openSUSE
Freek de Kruijf
_______________________________________________
openSUSE ARM mailing list -- [email protected]
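
Added example, not part of the original mail: one way to read the kernel log entries that the rich rule above writes with the prefix "SFW2-INSSH ", counting the logged sources and flagging any that fall inside a source range bound to zone internal (which would mean the source binding is not in effect). The log lines are constructed samples in the usual netfilter LOG layout; the function and variable names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

PREFIX = "SFW2-INSSH "  # log prefix taken from the rich rule in the mail
# Sources the mail binds to zone internal; the redacted ones are left out.
INTERNAL = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "fe80::/16")]
FIELD = re.compile(r"\b(SRC|DPT|PROTO)=(\S+)")

# Constructed sample log lines (documentation addresses), not real data.
SAMPLE = """\
Dec 20 10:15:01 rpi kernel: SFW2-INSSH IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40122 DPT=22 SYN
Dec 20 10:15:03 rpi kernel: SFW2-INSSH IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40124 DPT=22 SYN
Dec 20 10:16:40 rpi kernel: SFW2-INSSH IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=51000 DPT=22 SYN
Dec 20 10:17:02 rpi kernel: SFW2-INSSH IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.2 LEN=60 PROTO=TCP SPT=33012 DPT=22 SYN
Dec 20 10:17:05 rpi sshd[812]: Accepted publickey for user from 192.168.1.50 port 33014
Dec 20 10:18:11 rpi kernel: SFW2-INSSH IN=eth0 OUT= SRC=fe80:0000:0000:0000:0211:22ff:fe33:4455 DST=fe80:0000:0000:0000:0000:0000:0000:0001 LEN=80 PROTO=TCP SPT=40000 DPT=22 SYN
"""


def summarize(text):
    """Return (Counter of logged sources, sorted sources that belong to INTERNAL)."""
    hits = Counter()
    misrouted = set()
    for line in text.splitlines():
        if PREFIX not in line:
            continue  # not written by the rich rule
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "22":
            continue
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # truncated or malformed entry
        hits[str(src)] += 1
        # A hit from a range bound to zone internal means the packet was
        # handled by zone public instead, so the source binding did not apply.
        if any(src.version == net.version and src in net for net in INTERNAL):
            misrouted.add(str(src))
    return hits, sorted(misrouted)


if __name__ == "__main__":
    counts, wrong_zone = summarize(SAMPLE)
    # Logging is limited to 6/m by the rule, so counts are lower bounds.
    for source, n in counts.most_common():
        print(f"{n:4d}  {source}")
    print("handled by public although bound to internal:", wrong_zone)
```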