afaik on TW firewalld has replaced SUSEfirewall
if SUSEfirewall is still alive and working on your machine it could be affecting firewalld
you can use yast service manager to check if SUSEfirewall is still there and to activate firewalld
see https://forums.opensuse.org/showthread.php/530165-Tumbleweed-update
The ‘net-tools’ package has been deprecated for some time now and is no longer included by default. Instead the ‘ip’ command and others can be used. For example, to get interfaces and assigned addresses…
This package contains the deprecated network utilities arp, ifconfig, netstat and route, which have been replaced by tools from the iproute2 package:
* arp -> ip [-r] neigh
* ifconfig -> ip a
* netstat -> ss [-r]
* route -> ip r
OK, thank you!
What do you think: must I enter eth0 and ppp0 in the firewall settings (“Interfaces” tab), or eth0 only? If I do not do this (the “Interfaces” tab is empty), will the firewall work?
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:25:22:bb:5f:e9 brd ff:ff:ff:ff:ff:ff
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN group default qlen 3
    link/ppp
    inet 100.65.171.237 peer 100.65.168.1/32 scope global ppp0
       valid_lft forever preferred_lft forever
For eth0 it works, thank you.
But I need to add ppp0 explicitly, otherwise firewalld does not see it.
Tell me, am I doing something wrong?
alex@linux-yz6z:~> sudo pppoe-start # I turn on ppp0.
[sudo] пароль для root:
alex@linux-yz6z:~> sudo firewall-cmd --zone=drop --list-all
drop (active)
  target: DROP
  icmp-block-inversion: yes
  interfaces: eth0
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
pppoe config
** Summary of what you entered **
Ethernet Interface: eth0
User name: szt
Activate-on-demand: No
Primary DNS: 8.8.8.8
Secondary DNS: 8.8.4.4
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y
Adjusting /etc/sysconfig/network/ifcfg-ppp0
Adjusting /etc/resolv.conf
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
Congratulations, it should be all set up!
By default the public zone is used (unless you have previously changed the default zone). You should have checked the public zone when the ppp0 interface is active.
Anyway, you can change it with something like
firewall-cmd --zone=drop --change-interface=ppp0
This will apply to the current firewall session. To make it permanent (future sessions), do
As this is an English-speaking forum, I can really only advise sites using that language. There are lots of online firewall test sites that you can try using eg
OK. But you did not understand me. Sorry for my bad English.
I have a ‘private IP address’ (local IP address).
All these online firewall tests will tell me about the network screen of the server of the Internet provider, from which I receive an internal IP.
Right?
But I’m not sure that I will get an answer about protecting the firewall of my workstation.
The simple answer is that as ppp0 and eth0 are both in the ‘drop’ zone, then the firewall rules will apply equally to both, and all unsolicited incoming packets should be dropped.
drop
Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.
You should be able to observe the logging (/var/log/firewalld). Dropped packets can be logged according to the ‘LogDenied=’ setting in /etc/firewalld/firewalld.conf
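The situation discussed in this thread (ppp0 comes up after pppoe-start, but the drop zone lists only eth0) can be checked locally by comparing the `ip a` output with the zone listing. The following is an added example, not code from any poster in the thread; the function names and the embedded sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: find interfaces that are UP but not bound to a firewalld zone.

# Constructed sample, abridged from the `ip a` output posted in the thread.
SAMPLE_IP_A='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN
    inet 100.65.171.237 peer 100.65.168.1/32 scope global ppp0'

# Constructed sample, abridged from the `firewall-cmd --zone=drop --list-all` output.
SAMPLE_ZONE='drop (active)
  target: DROP
  interfaces: eth0
  sources:'

# Read `ip a` text on stdin; print each non-loopback interface whose flags include UP.
up_interfaces() {
    awk -F': ' '/^[0-9]+: / {
        name = $2; sub(/@.*/, "", name)          # strip "@parent" suffix (veth, VLAN)
        split($3, part, ">")                      # part[1] = "<FLAG,FLAG,..."
        flags = "," substr(part[1], 2) ","
        if (flags ~ /,UP,/ && flags !~ /,LOOPBACK,/) print name
    }'
}

# Read `firewall-cmd --zone=Z --list-all` text on stdin; print the interfaces it lists.
zone_interfaces() {
    awk '$1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i }'
}

# $1 = `ip a` text, $2 = zone listing. Print UP interfaces missing from the zone.
uncovered_interfaces() {
    zone_ifs=$(printf '%s\n' "$2" | zone_interfaces)
    printf '%s\n' "$1" | up_interfaces | while read -r ifc; do
        # -x whole-line, -F literal: "eth0" must not match "eth0.10"
        printf '%s\n' "$zone_ifs" | grep -qxF -- "$ifc" || printf '%s\n' "$ifc"
    done
}

# Offline run on the samples: prints the interface the zone does not cover.
uncovered_interfaces "$SAMPLE_IP_A" "$SAMPLE_ZONE"

# Live use (assumes firewall-cmd may need root):
#   uncovered_interfaces "$(ip a)" "$(sudo firewall-cmd --zone=drop --list-all)"
```

An empty result means every interface that is UP is listed in the zone that was queried.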