mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-10-31 17:19:26 +01:00
2.2 KiB
Quick note on firewalld usage
This is practically /ufw, but for Firewalld, which Fedora comes with. The blog post also predates me having a /n directory here.
When done, run
sudo firewall-cmd --reload
Zones
firewalld zones are a privilege of NetworkManager users, and this tends to be a systemd-networkd household. Then again, I don’t believe in absolutely trusted zones.
The zone is specified with --zone=home in the commands. The other zone I could imagine using is public.
Protocols
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
- Tells computers when things go wrong with the IPv6 network. See also Neil Alexander: Understanding ICMP and why you shouldn’t just block it outright.
- Motivation for being here is 20/20 in IPv6-test.com.
Services
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=mosh --permanent
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --add-service=syncthing --permanent
sudo firewall-cmd --add-service=mdns --permanent
- I trust Chrony (ntp) to not allow it to be used from outside of the LAN, as firewalld is apparently not designed with limiting source addresses in mind. syncthing is the client, not to be confused with syncthing-gui or syncthing-relay.
Ports
sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp
9001/udp is Yggdrasil automatic peering, although link-local and unlikely to be recognised by predefined rules. 6771/udp is BitTorrent Local Peer Discovery.
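The commands above are applied one by one; the script below is an added example (not the author's own script) that applies the same protocol, service and port set to one zone in a single idempotent pass, checking with --query-* before each --add-*, reloading, and printing --list-all so the resulting zone can be reviewed. FIREWALL_CMD and ZONE are knobs of this script, not firewalld options, and it only acts when firewall-cmd is actually installed.

```shell
#!/bin/sh
# Added example, not the author's script: apply the rules from this note
# to one firewalld zone idempotently, then reload and show the zone.
# FIREWALL_CMD and ZONE are assumptions of this script (override to test).
FIREWALL_CMD="${FIREWALL_CMD:-sudo firewall-cmd}"
ZONE="${ZONE:-home}"

# fw_ensure KIND VALUE: permanently add VALUE (KIND is service, port or
# protocol) to $ZONE unless the zone already has it. Prints one status line.
fw_ensure() {
  kind="$1"
  value="$2"
  if $FIREWALL_CMD --permanent --zone="$ZONE" "--query-$kind=$value" >/dev/null 2>&1; then
    echo "present: $kind $value"
  else
    $FIREWALL_CMD --permanent --zone="$ZONE" "--add-$kind=$value" >/dev/null
    echo "added: $kind $value"
  fi
}

# fw_apply_all: the full rule set from the note, then reload and list the zone.
fw_apply_all() {
  fw_ensure protocol ipv6-icmp
  for svc in ssh mosh ntp syncthing mdns; do
    fw_ensure service "$svc"
  done
  fw_ensure port 9001/udp   # Yggdrasil automatic peering
  fw_ensure port 6771/udp   # BitTorrent Local Peer Discovery
  $FIREWALL_CMD --reload >/dev/null
  # Runtime view after reload: confirm only the intended entries are open.
  $FIREWALL_CMD --zone="$ZONE" --list-all
}

# Only act when firewalld's CLI is present (e.g. on the Fedora host).
if command -v firewall-cmd >/dev/null 2>&1; then
  fw_apply_all
else
  echo "firewall-cmd not found; nothing applied" >&2
fi
```

Run it as ZONE=home sh apply-fw.sh on the host. The final --list-all is the check worth keeping: it shows the zone's services, ports and protocols after reload, so anything that slipped in from earlier experiments is visible. If a zone should only answer the LAN, firewalld can also bind it to source networks with --add-source=<prefix> (a standard firewall-cmd option), which is the zone-level way to scope services such as ntp or mdns to local addresses.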