I have two computers running openSUSE Linux named linux5 and linux6. They are connected via a Fritzbox. I just installed Leap 15.3 on linux6. I enabled the sshd in the Services Manager and then checked the firewall settings. ‘ssh’ was added to several zones, but not all.
I then tried to ssh from linux5 to linux6, but got a “no route to host” error. I checked with ss and lsof that port 22 is indeed open. Pinging linux6 from linux5 was possible.
When I shut down the firewall on linux6, I could connect via ssh from linux5 without any problem. I then added ssh to almost all zones and it still works.
I’m wondering which zones I really need to open. Is there an easy way to find out?
You do not “open a zone”. A zone is simply a collection of rules (including ports/services that should be open). To actually use these rules you need to assign the zone to an interface; then traffic through this interface will be subject to the rules in this zone.
Is there an easy way to find out?
Of course - you check the configuration of the zone assigned to your interface. You, as administrator of your system, are responsible for deciding which zone is used for which interface. You can check the default zone with “firewall-cmd --get-default-zone” and you can check the zone currently associated with an interface with “firewall-cmd --get-zone-of-interface=interface-name”.
Edit: Forgot to add that you’ll need to make sure to include the --permanent option in that last command to make sure that the rule persists after the firewall has been reloaded.
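The check described in the reply above, as an added example that is not part of the original thread: find the zone that governs one interface (falling back to the default zone when no zone lists it) and ask firewalld whether ssh is enabled in that zone. The function names, the FWCMD override, the interface names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which firewalld zone applies to an interface, and is ssh
# enabled there? FWCMD can be overridden so the logic runs without firewalld.
FWCMD="${FWCMD:-firewall-cmd}"

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
internal
  interfaces: eth1 wlan0
  sources: 192.168.178.0/24'

# zone_of_iface IFACE
# Reads --get-active-zones output on stdin and prints the zone that lists
# IFACE. Prints nothing and returns 1 when no zone lists it.
zone_of_iface() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1; next }      # unindented line is a zone name
        $1 == "interfaces:" {
            for (i = 2; i <= NF; i++)
                if ($i == ifc) { print zone; found = 1; exit }
        }
        END { exit !found }
    '
}

# ssh_allowed_for IFACE
# An interface that is not bound to any zone is handled by the default zone,
# so fall back to it. --query-service returns 0 for yes and 1 for no.
ssh_allowed_for() {
    zone=$("$FWCMD" --get-active-zones | zone_of_iface "$1") ||
        zone=$("$FWCMD" --get-default-zone)
    if "$FWCMD" --zone="$zone" --query-service=ssh >/dev/null; then
        echo "$1: zone=$zone ssh=allowed"
    else
        echo "$1: zone=$zone ssh=blocked"
    fi
}
```

On the machine that refuses the connection, source the file and run `ssh_allowed_for` with the name of the interface facing the other host; only the zone it reports needs the ssh service.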