December 18, 2023

Fedora 39 -- firewall

Up to now I have always used iptables for my firewall. With a new fresh full install of Fedora 39, I want to move forward and learn to use firewalld, which seems to be the new and proper method.
Here are the Fedora docs:

One immediate symptom is that my weather station is unable to send data to port 2001.

We verify that it is running via:

systemctl status firewalld
We can stop and start it via:
systemctl stop firewalld
systemctl start firewalld
Indeed, stopping it allows temperature data to be sent from my weather station.

Note that enable/disable will cause it to be started (or not) on every reboot.

Adding or changing rules

There is a GUI tool called "firewall-config" -- and I have it already installed.
It might be handy, but I am going to use the cli tool:
firewall-cmd --list-all
This command shows that only these services are enabled:
  services: dhcpv6-client mdns ssh
I can do this to add the port for my weather station:
firewall-cmd --list-ports
firewall-cmd --add-port 2001/tcp
firewall-cmd --permanent --add-port 2001/tcp
There were no ports listed before I added port 2001. Adding it permanently means it will stick after a reboot.

Indeed, this works and I am getting temperature data.

Adding a service (SMB)

This will come up soon enough.
The following does not work:
firewall-cmd --add-service=samba --permanent
However, this does work:
firewall-cmd --permanent --zone=FedoraWorkstation --add-service=samba
firewall-cmd --reload
firewall-cmd --list-services
  dhcpv6-client mdns samba ssh
So, I clearly need to learn about these zones. I will "some fine day".
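
An added example, not part of the original post: firewalld keeps a runtime configuration and a permanent one, so a change made without --permanent is lost on reload or reboot, and a change made with --permanent is not active until firewall-cmd --reload. The sketch below compares the two lists and reports entries present in only one of them; the function names only_in and drift_report are hypothetical, and the sample lists are constructed from the ports and services shown above.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent lists.
# Inputs are space-separated lists, as printed by --list-ports or --list-services.

# Print the items that appear in list $1 but not in list $2.
only_in() {
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both lists
            *) out="${out:+$out }$item" ;;       # missing from the second list
        esac
    done
    printf '%s' "$out"
}

# Print one line per drifted entry; return 1 if any drift was found, else 0.
drift_report() {
    runtime=$1
    permanent=$2
    status=0
    for entry in $(only_in "$runtime" "$permanent"); do
        echo "runtime-only: $entry (lost on reload or reboot)"
        status=1
    done
    for entry in $(only_in "$permanent" "$runtime"); do
        echo "permanent-only: $entry (not active until firewall-cmd --reload)"
        status=1
    done
    return $status
}

# Constructed sample 1: port added with --add-port but not yet with --permanent.
drift_report "2001/tcp" "" || true

# Constructed sample 2: samba added with --permanent, before any --reload.
drift_report "dhcpv6-client mdns ssh" "dhcpv6-client mdns samba ssh" || true

# On a real host (as root), compare the live lists instead:
#   drift_report "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
#   drift_report "$(firewall-cmd --list-services)" "$(firewall-cmd --permanent --list-services)"
```

A non-zero return from drift_report makes it usable as a check after editing rules: no output means the running firewall matches what will be loaded at the next boot.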

Zones

I should learn what this is all about, but for now I seem to be able to ignore it.
firewall-cmd --get-zones
  FedoraServer FedoraWorkstation block dmz drop external home internal nm-shared public trusted work
Have any comments? Questions? Drop me a line!

Adventures in Computing / tom@mmto.org