Firewall setup for a home network?

Hi all! I’m new to OpenSUSE, and kind of new to Linux in general. (about a month of regular desktop usage at this point)

I just jumped from Fedora to OpenSUSE, and am enjoying many of the differences! But the firewall settings are leaving me very confused, and searching the forum hasn’t brought up quite what I’m looking for. So some questions:

  • Why are the settings for a connection listed as “block”, “home”, and “trusted” the same by default? Am I missing something about how these work? I’d think home and trusted would be less restricted.
  • What are the services listed? Is there a list somewhere? I don’t see it in the firewalld documentation.
  • How should I configure things to fit my use case with a home network? I’ll need the following to work:
    • internet
    • samba and nfs shared folders (and discovery)
    • network printer
    • gaming (both lan and online)

I’m pretty sure I can accomplish most of this by opening up 192.168.100.0/24, right?
If there are tutorials for this, I’ll gladly take them as well.

Thanks!

Welcome to openSUSE!

Can you clarify something … you wrote,
“I’ll need the following to work” …

Do you mean “work”, as in you don’t want those being restricted by the firewall?

Yes, exactly. Sorry for any confusion.
Internet is already fine, but I know I can’t access my network shares yet (not sure how to fix that), and I’m unsure if I’ll need to open up anything for the printer and gaming.

Welcome to OpenSUSE!

You can configure your Firewall ports from YaST.
OpenSUSE knows a lot of ports and they are intuitively named as well as easy to find.

By default, many ports are blocked on OpenSUSE. I guess that’s just a security approach by SUSE.

Are you using the graphical YaST Firewall Settings screen?

If yes, there is a Help button - see the screenshot.
If no, I recommend you use it. It’s in YaST Settings.

Click Help when you have a setting selected - a Help window is displayed.

Yes, I’m using YaST to set it up. The “how” is nice and clear, it’s just the “what” that I’m having trouble figuring out.

For example:

  • what is the service “afp”, “bb”, “rsh”, or “wsdd”, or any of the other alphabet soup of acronyms?
  • which of these is responsible for shared folder discovery, or printing?

I just want there to be a list of these services somewhere, with a one-sentence description of each, but I’m getting the feeling this doesn’t exist.


Try “/etc/services” – or maybe that is now “/usr/etc/services”.


That definitely helps, thanks! Though some of those entries are less useful than others. Like…

bb                 1984/tcp     # BB  [Sean_MacGuire]

…well, that cleared that up! :stuck_out_tongue:

I just discovered that if you go to /usr/lib/firewalld/services/ it has all the services there, with descriptions in each one! (Or at least each one I’ve seen so far.)

That will be tedious, but will still make this much easier to figure out.

Now I have a NEW problem - if I add services or ports, then click “Accept” YaST closes, but when I open it up again the services and ports are empty again! Can I not add services through YaST?

You said you used Fedora before and firewalld comes from RH so you should be familiar with it.

Likely

Do not use YaST, use firewall-config. Which again should be familiar to someone coming from RH :slight_smile:

I only used Fedora for about a month, and never needed to alter the firewall. This seems to be because Fedora opens up every port above 1025 by default.

Ok, so following the links from that thread showed me that the firewall rules are actually implementing correctly, but YaST/firewall-cmd is only reading the Public zone for everything. So I just swapped my zone back from Home to Public (it’s a desktop, so it doesn’t actually matter) and I can do it now.
Seems like a recent issue, so hopefully it gets fixed quickly. Thanks.
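
Added example, not part of any post in this thread: a script that builds the one-line-per-service list asked for above from the definitions in /usr/lib/firewalld/services/, so the ports behind each name can be checked before a service is opened in a zone. The override directory /etc/firewalld/services, the function names, and the embedded sample entry (constructed, not a real service) are assumptions of this example.

```python
#!/usr/bin/env python3
"""Summarize firewalld service definitions: name, ports, one-line description."""
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Packaged definitions first; files in /etc/firewalld/services override them.
SERVICE_DIRS = ["/usr/lib/firewalld/services", "/etc/firewalld/services"]

# Constructed sample in the service-file format, used when no directory exists.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Example Share</short>
  <description>Constructed sample entry.
    Not a real firewalld service.</description>
  <port protocol="tcp" port="445"/>
  <port protocol="udp" port="137-138"/>
  <include service="example-client"/>
</service>
"""

def parse_service(xml_data):
    """Return short name, whitespace-collapsed description, ports and includes."""
    root = ET.fromstring(xml_data)
    desc = " ".join((root.findtext("description") or "").split())
    ports = [f'{p.get("port")}/{p.get("protocol")}' for p in root.findall("port")]
    includes = [i.get("service") for i in root.findall("include")]
    return {"short": root.findtext("short") or "", "description": desc,
            "ports": ports, "includes": includes}

def load_services(dirs=SERVICE_DIRS):
    """Map service name -> parsed definition; later directories override earlier."""
    services = {}
    for d in dirs:
        for path in sorted(Path(d).glob("*.xml")):
            try:
                services[path.stem] = parse_service(path.read_bytes())
            except (ET.ParseError, OSError) as exc:
                print(f"skipping {path}: {exc}", file=sys.stderr)
    return services

def format_line(name, svc):
    """One row: service name, ports (plus included services), description."""
    ports = ",".join(svc["ports"]) or "-"
    extra = f' (+{",".join(svc["includes"])})' if svc["includes"] else ""
    return f'{name:<20} {ports}{extra}  {svc["description"]}'

if __name__ == "__main__":
    found = load_services() or {"example-share": parse_service(SAMPLE_XML)}
    for name in sorted(found):
        print(format_line(name, found[name]))
```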