Mikaela
/
mikaela.github.io
mirror of https://github.com/mikaela/mikaela.github.io/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

firewalld.md: add a couple of services and ports

This commit is contained in:
Aminda Suomalainen 2023-09-09 11:53:01 +03:00
parent 97c4fcdae5
commit eb727f4148
Signed by: Mikaela
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
n/firewalld.md
View File

@ -40,16 +40,25 @@ could imagine using is `public`.
## Services
```bash
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=mosh --permanent
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --add-service=syncthing --permanent
```
- I trust Chrony (ntp) to not allow it to be used from outside of LAN
as `firewalld` is apparently not designed with limiting source
addresses in mind.
- `syncthing` is the client, not to be confused with `syncthing-gui`
or `syncthing-relay`.
## Ports
```bash
# TODO: Don't do this, this is a ppor example.
# firewalld surely recognises 631 as a service of some name,
# and as noted before, --zone won't work on my systems.
sudo firewall-cmd --zone=home --permanent --add-port=631/tcp
sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp
```
- 631/tcp is used by cups.
- `9001/udp` is Yggdrasil automatic peering, although link-local and
unlikely to be recognised by predefined rules.
- `6771/udp` is [Bittorrent Local Peer Discovery](http://bittorrent.org/beps/bep_0014.html)