Just installed leap 15.0 up from Leap 42.3 on a new desktop PC. [Asus Prime Z390A i7-9700K 32GB ram]
As is my custom, due to a particular program I run I immediately turn off the firewall.
I am behind a router/modem and have been told I do not need a software firewall.
The things I always do on a new install are:
*Turn off the firewall
Create a ‘static’ ip in my router for the PC
Setup my internet in Yast>Network settings
Make sure the ports are forwarded in my router
Start my program to make sure people are able to receive data from me and vice versa
*I have been doing this since opensuse 11.0 and never had any problems.
Enter *firewalld *
Obviously change isn’t always easy and I am not sure firewalld is the problem, but things are not working seemlessly as they usually do and firewalld is something that is new to me and different to my normal setup.
I have tried stopping and disabling firewalld and checked my ports [42868 tcp and 34219 udp] but they remain closed or something.
If you are behind an internet firewall already and trust all other hosts on your private LAN, then you can make the reasonable (and educated) choice as an administrator to disable the firewall. All that’s needed is to stop and disable it…
Can you explain a bit more about what you’re trying to achieve here? Do you run services that need to be accessed externally, or are you trying to reach an external service? A bit more information might help us help you.
I believe I have seen similar behaviour to what you’re seeing - in the
end, I configured firewalld (too may things like Docker, VirtualBox, &c
trying to add their own firewall rules causing all kinds of confusion).
As you see, all my LISTENING services are there. But when you remove those due to services started by me (Apache, MariaDB, NFS, rsync), there aren’t much.
OTOH, this is only on the LAN, like you I have a router to the internet that I can manage and nothing is opened from the outside. I also do not run a firewall on my internal systems.
Now we humans can better interprete the ports the system is listening on. And indeed, when you remove Apache (hhttp and https), Mariadb (mysql), NFS (sunrpc, mountd and the those from rcp.statd), CUPS (ipp) and xinetd (ftp and rsync), only smtp and xmsg are left.
I do not think so, he has some “sudo” in there. Also there is not much to show for LISTENING when you do not have switched on things like I have (as I show above). He seems only to have CUPS and the KDE one.
But I admit his CODE is a bit confusingI. @LaQuirrELL. Please only put between CODE tags exactly what you copy/paste from a terminal window. Thus not, as you did somewhere above putting between code tags
sudo systemctl stop firewalld and sudo systemctl disable firewalld and firewall-cmd --stat
because the word “and” reveals that this is a nonsense command and also all output is missing.
Also saying things like “when I do” CODE “then I get” CODE makes thinks obfuscated. That should all be in one CODE copy/paste.
Post please by copying including the line with the prompt and the command up to including the next prompt line. LIke my examples above. Only so people will trust that what the see is what you saw.
Again, what processes do you have running that should be listening to those ports?
The process that is in question is a program called winmx and it runs through Wine. So it uses wineserver process as welL.
There are two ports I need open 42868 TCP and 34219 UDP
dabud@linux-gyy8:~> sudo ss -ltnp
[sudo] password for root:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 5 0.0.0.0:42868 0.0.0.0:*
users:(("wineserver",pid=20616,fd=130))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
users:(("cupsd",pid=1078,fd=7))
LISTEN 0 50 *:1716 *:*
users:(("kdeconnectd"
You can check the status with
Code:
sudo systemctl status firewalld
That one is UPD, not TCP. The list you ask for is already the list of listening ports. What you see in that column is the State. For TCP the State is LISTEN. For UPD things are done different and the word LISTEN is not shown.
When you read the man page (you realy should read man pages ;)):
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP and UDPLite, this column may be left blank.
State
The state of the socket. Since there are no states in raw mode and usually no states used in UDP and UDPLite, this column may be left blank. Normally this can be one of several values:
When it says
normally this can be one of several values
does that mean the UDP port or both UDP and TCP?
So if the UDP port doesn’t usually show STATE how can it be established that it is working the way my program/service needs it to be ?
it always did before.
And where would I start looking to solve this problem if the UDP port is OPEN and all the conditions of the program/service are met but It is only working on the TCP port part not the UDP port part.
It is the same program I have been using for years and there have been no updates on it. So nothing has changed there. I have always run it in opensuse through Wine since openSuse 11.0 with no difficulties.
dabud@linux-gyy8:~> netstat -atu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:42868 0.0.0.0:* LISTEN
tcp 0 0 localhost:ipp 0.0.0.0:* LISTEN
tcp 0 146 linux-gyy8:44850 47-192-73-28.drr02:6699 ESTABLISHED
tcp 0 0 linux-gyy8:37370 a23-14-154-19.dep:https ESTABLISHED
tcp 0 0 linux-gyy8:33628 cloudproxy10003.s:https ESTABLISHED
tcp 0 0 localhost:44277 localhost:40004 ESTABLISHED
tcp 0 981 linux-gyy8:60944 softbank1260101971:6699 ESTABLISHED
tcp 0 114 linux-gyy8:43126 cpc77859-stav20-2-:6698 ESTABLISHED
tcp 9 1514 linux-gyy8:41222 209-225-105-68.sou:6699 ESTABLISHED
tcp 0 0 linux-gyy8:38274 104.19.198.151:https ESTABLISHED
tcp 0 0 localhost:40004 localhost:44277 ESTABLISHED
tcp 0 0 linux-gyy8:59620 ec2-3-210-29-106.:https ESTABLISHED
tcp 0 398 linux-gyy8:48324 p265079-ipngn20020:5335 ESTABLISHED
tcp6 0 0 ::]:xmsg ::]:* LISTEN
udp 0 0 localhost:323 0.0.0.0:*
udp 0 0 0.0.0.0:34219 0.0.0.0:*
udp 0 0 0.0.0.0:50983 0.0.0.0:*
udp 0 0 224.0.0.251:mdns 0.0.0.0:*
udp 0 0 224.0.0.251:mdns 0.0.0.0:*
udp 0 0 0.0.0.0:mdns 0.0.0.0:*
udp6 0 0 localhost:323 ::]:*
udp6 0 0 ::]:xmsg ::]:*
udp6 0 0 ::]:37416 ::]:*
udp6 0 0 ::]:mdns ::]:*
Aren’t we going a bit off-topic now? This thread is about “Do I need firewalld”.
New question, new thread with a new title that will draw the attention of maybe other people that know something about your application.
I can only tell you what the netstat man page says about it’s output.
The output lists that that UDP port is open. When you nevertheless say that the application “does not work”, that may have miriads of causes, So getting the attention of those who know the program (and Wine) and telling them what “not working” means might help.
Glad to have been of guidance. Yes, start a new thread in Applications. That’s what your problem is really about (and why I was requesting several posts back about exactly which app/process this really concerned).