Vulnerable after disabling firewall

Hello, After setting a static address on wlan0 (for port forwarding on my ZTE ZXHN H298N Hyperoptic router) I was unable to connect to the internet. Only after disabling the firewall was I able to make the connection. Now I am worried that my system is vulnerable to outside attacks. What can be done to protect my system? All suggestions will be greatly appreciated.

Are you referring to the Leap 15.0 firewall? Or are you referring to a firewall on your router? At this stage, it isn’t clear.

In any case, I would suggest you try to find what packets were being blocked that caused the problem.

Hello, Many thanks for your reply.

> Are you referring to the Leap 15.0 firewall?

Yes I’m referring to the Leap 15.0 firewall. The router firewall has always been set to Medium.

> Try to find what packets were being blocked that caused the problem

How would I do that?

Do you set your wlan to the right Zone in Yast----Firewall?

Hi,

> Do you set your wlan to the right Zone in Yast----Firewall?

I’m not familiar with the different zones in Firewall. It was set to, I assume the default one, “Public Zone”.

At the moment, I cannot think of any reason how simply setting a static IP address should disable connecting to the Internet and how the firewall works.
At the very least, maybe a reboot could resolve odd issues.

Some things come to mind… Are you using Wicked or NM to manage your networking, and do you know what those are? Perhaps you have set up an odd hybrid because you set up one without disabling the other (There are a few Forum threads about people who have made this mistake)?

Of course, port forwarding (incoming connections) would be blocked if you don’t open those ports in your firewall either explicitly or by choosing a permissive firewall zone… The Public zone is default which is most restrictive, “Trusted” or other zones can be chosen which might allow incoming connections without more work (depends on what you’re allowing on what port). But that wouldn’t block outbound Internet connections.

TSU

Hi,
Thank you for your reply.

> At the very least, maybe a reboot could resolve odd issues.

Every time I make any kind of change in network connection I reboot system using command: sudo systemctl restart network
I am using Wicked and not NM. As far as I know Wicked is used when the network environment is not likely to change frequently. When using Yast to set up static address you get the option to use one or the other. There is no option to disable one.
I have set the firewall to all zones. It does not matter which zone I choose, until I disable the firewall I do not get internet connection.

It may be better to go back to the basics of this thread.

You report that you are unable to connect to the internet. But that is only a sort of conclusion. You never told, let alone showed, that your system cannot connect to systems on the internet.

So please do and post here:

ping -c1 130.57.66.6

Normally, I wouldn’t expect firewalld to be preventing internet connectivity - it should allow network connections initiated (solicited traffic) from within your system, but perhaps you should share your existing firewall configuration…

firewall-cmd --get-active-zones
firewall-cmd --list-all

and perhaps a definitive view of your current IP configuration…

ip a
ip r
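
Added example, not part of any post in this thread: one way to answer the earlier question of how to find which packets the firewall was blocking, without turning the firewall off. It assumes firewalld's denied-packet logging is enabled with `firewall-cmd --set-log-denied=all` and that the kernel log lines carry a prefix ending in `_REJECT: ` or `_DROP: `; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Summarise packets that firewalld rejected or dropped, from kernel log lines.
# On a live system (as root):
#   firewall-cmd --set-log-denied=all          # start logging denied packets
#   journalctl -k --no-pager | summarise_denied
#   firewall-cmd --set-log-denied=off          # stop logging again

summarise_denied() {
  # stdin: kernel log lines; stdout: "count direction interface proto dport"
  awk '
    /_(REJECT|DROP): / {
      iif = ""; oif = ""; proto = ""; dpt = "-"   # "-" when no port (e.g. ICMP)
      for (i = 1; i <= NF; i++) {
        if      ($i ~ /^IN=/)    iif   = substr($i, 4)
        else if ($i ~ /^OUT=/)   oif   = substr($i, 5)
        else if ($i ~ /^PROTO=/) proto = substr($i, 7)
        else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      # IN only = inbound, OUT only = outbound, both = forwarded
      dir = (iif != "" && oif != "") ? "forward" : (oif != "" ? "out" : "in")
      ifc = (dir == "out") ? oif : iif
      n[dir " " ifc " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

sample_log() {
  # Constructed sample lines (documentation addresses), not real captures.
  cat <<'EOF'
Jan 01 10:00:01 host kernel: FINAL_REJECT: IN=wlan0 OUT= MAC=02:00:00:00:00:01 SRC=198.51.100.7 DST=192.0.2.50 LEN=60 TTL=52 ID=1 PROTO=TCP SPT=40112 DPT=8080 WINDOW=29200 SYN
Jan 01 10:00:02 host wickedd[812]: wlan0: link detected
Jan 01 10:00:04 host kernel: FINAL_REJECT: IN=wlan0 OUT= MAC=02:00:00:00:00:01 SRC=198.51.100.7 DST=192.0.2.50 LEN=60 TTL=52 ID=2 PROTO=TCP SPT=40113 DPT=8080 WINDOW=29200 SYN
Jan 01 10:00:09 host kernel: FINAL_REJECT: IN=wlan0 OUT= MAC=02:00:00:00:00:01 SRC=192.0.2.1 DST=224.0.0.251 LEN=73 TTL=255 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=53
EOF
}

# Stand-alone demo on the constructed sample.
sample_log | summarise_denied
```

An `out` line in the summary would mean locally initiated traffic was being refused, while `in` lines on the forwarded port point to a port that has not been opened in the active zone.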