mirror of
https://github.com/mikaela/mikaela.github.io/
Quick note on firewalld usage
This is practically /ufw, but for Firewalld which Fedora comes with. The blog post also predates me having a /n directory here.
When done, run
sudo firewall-cmd --reload
Zones
firewalld zones are a privilege of NetworkManager users; this tends to be a systemd-networkd household. Then again, I don't believe in absolutely trusted zones.
A zone would be specified by --zone=home in the commands.
The other zone I could imagine using is public.
Services
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=mosh --permanent
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --add-service=syncthing --permanent
- I trust Chrony (ntp) to not allow it to be used from outside of LAN as firewalld is apparently not designed with limiting source addresses in mind.
- syncthing is the client, not to be confused with syncthing-gui or syncthing-relay.
Ports
sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp
- 9001/udp is Yggdrasil automatic peering, although link-local and unlikely to be recognised by predefined rules.
- 6771/udp is Bittorrent Local Peer Discovery
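To check that a zone ends up with exactly the services and ports listed in this note, the following added example (not part of the original note) parses `firewall-cmd --list-all` output and reports anything missing or unexpected. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a zone listing against the allow-list from this note.
# Function names and SAMPLE are constructed; they are not firewalld features.

EXPECTED_SERVICES="ssh mosh ntp syncthing"
EXPECTED_PORTS="9001/udp 6771/udp"

# Print the value of one "  key: v1 v2" line from `firewall-cmd --list-all` text.
# Anchored to line start, so "ports" does not match "forward-ports".
zone_field() {  # $1 = field name, stdin = list-all output
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Print the words of $1 that are absent from $2 (both space-separated).
words_not_in() {
    local out="" w
    for w in $1; do
        case " $2 " in
            *" $w "*) ;;
            *) out="${out:+$out }$w" ;;
        esac
    done
    printf '%s' "$out"
}

# Compare a listing with the expected lists; print findings, return 1 if any.
audit_zone() {  # $1 = list-all output
    local have want missing extra rc=0
    have="$(printf '%s\n' "$1" | zone_field services) $(printf '%s\n' "$1" | zone_field ports)"
    want="$EXPECTED_SERVICES $EXPECTED_PORTS"
    missing=$(words_not_in "$want" "$have")
    extra=$(words_not_in "$have" "$want")
    [ -n "$missing" ] && { echo "missing: $missing"; rc=1; }
    [ -n "$extra" ] && { echo "unexpected: $extra"; rc=1; }
    return $rc
}

# Constructed sample: ntp and 6771/udp were never added, dhcpv6-client is extra.
SAMPLE='public (active)
  target: default
  interfaces: enp1s0
  services: dhcpv6-client mosh ssh syncthing
  ports: 9001/udp
  forward-ports: 
  source-ports: '

audit_zone "$SAMPLE" || true
# On a real host: audit_zone "$(sudo firewall-cmd --list-all)"
# and:            audit_zone "$(sudo firewall-cmd --permanent --list-all)"
```

Running it against both the runtime and the `--permanent` listing shows a forgotten `--reload`: the permanent listing passes while the runtime one still reports entries as missing.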