Firewall settings for Leap. Asus Vivobook

I recently moved from Linux Mint to Opensuse. Small business owner here. I’m not familiar with setting up secure Firewall settings on Leap. Just getting into computers due to my business.

These are the default settings on my firewall as is. Can anyone tell me if these are secure settings? Also, a basic rundown or references on what to read to start my journey. Much help is appreciated.

Welcome to the forum.

You’ve got a plethora of apps installed (though it only shows a snippet) - quite an endeavor, indeed.

Curiosity on my part - why the switch from Mint?


For one, Debian-based distros are not recognizing my wi-fi driver. I’m sure there are ways around it, but I’m still on a learning curve with Linux. I needed something up and running. I did research between Opensuse and Fedora (they both recognize all my drivers out right after installation) and decided to give Opensuse.


Hello @SuseNewbster ,

I think “Leap” was a good choice. The two main reasons I prefer Leap to other distros are:

A. ROCK SOLID
B. YaST makes it easier to configure things that I rarely look at … such as the firewall!

The most important thing to understand about the firewall is that at any given time, an interface is assigned to ONE zone. In spite of all the zones, you only need to worry about what you actually use.

From your screenshot, I am guessing that you have changed the “default” zone to “home”.

For a quick sanity check, it is easier to describe using the cli (command line interface):

root@orca# firewall-cmd --get-default-zone
home

So I know “home” is the default zone.

root@orca# firewall-cmd --zone=home --list-interfaces
wlan0
root@orca# firewall-cmd --zone=public --list-interfaces

I know my wireless card (wlan0) is attached to “home”.

root@orca# firewall-cmd --zone=home --list-services
dhcpv6-client mdns ssh
root@orca# firewall-cmd --zone=home --list-services
dhcpv6-client mdns ssh
root@orca# firewall-cmd --zone=home --list-ports

This shows all the things the firewall will allow. If I had explicitly opened any ports in the yast firewall tool, they would show up below the --list-ports.

You only need “ssh” if you use ssh to remotely login to your box. samba-client will allow you to access smb (usually windows) resources shared by other boxes on your network.

If your interface is set to “home”, you should be ok with that configuration, assuming you actually need “ssh” and “samba-client”.

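The check described in the reply above (which services does the zone allow, and which of them do you actually use?) can be scripted. This is an added example, not part of the original thread; the function names and the "needed" list are assumptions, and the sample service list is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example: compare what a firewalld zone allows with what you actually use.

# Print every service in $1 (space-separated, the format printed by
# `firewall-cmd --list-services`) that is NOT in the needed list $2.
unneeded_services() {
    us_allowed=$1
    us_needed=$2
    us_out=""
    for us_svc in $us_allowed; do
        case " $us_needed " in
            *" $us_svc "*) ;;                          # on the needed list: keep
            *) us_out="${us_out:+$us_out }$us_svc" ;;  # allowed but not needed
        esac
    done
    printf '%s\n' "$us_out"
}

# Live audit: for every zone that has an interface attached, show the
# services worth reviewing and any explicitly opened ports.
audit_active_zones() {
    aud_needed=$1
    # Zone names are the unindented lines of --get-active-zones.
    firewall-cmd --get-active-zones | awk '/^[^[:space:]]/ {print $1}' |
    while read -r aud_zone; do
        aud_allowed=$(firewall-cmd --zone="$aud_zone" --list-services)
        aud_ports=$(firewall-cmd --zone="$aud_zone" --list-ports)
        printf 'zone %s: review services [%s], open ports [%s]\n' \
            "$aud_zone" \
            "$(unneeded_services "$aud_allowed" "$aud_needed")" \
            "$aud_ports"
    done
}

# Constructed sample: the service list shown in the post, for a laptop that
# only needs DHCPv6 and never accepts remote logins.
unneeded_services "dhcpv6-client mdns ssh" "dhcpv6-client"

# Run against the real firewall only when asked to (needs root and firewalld).
if [ "${1:-}" = "--live" ]; then
    audit_active_zones "dhcpv6-client"
fi
```

A service that turns up for review can be closed with `firewall-cmd --permanent --zone=home --remove-service=NAME` followed by `firewall-cmd --reload`.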

Thank you for the reply sir! For sure I like the feel and look of this distro. Like I said my goal is for work. The reason I’m asking for this is due to the fact that I’ll be receiving sensitive info from clients. So I tried copy/pasting this and it’s giving me this. Am I supposed to add something else?

You’ve copied the user’s prompt (including their user and machine hostname). It should just be the command…
firewall-cmd --get-default-zone


Some tutorials that may be of interest to you…


Thank you! This is what I need.
