Hi everybody, I recently installed openSUSE Leap, but I have trouble working with firewalld. The goal is to accept incoming ssh and vnc connections from two IPs exclusively, but it just doesn't work. I removed all interfaces from zone public, set the internal zone up so that it has only the two IPs as sources and only the ssh and vnc services, but I still get asked for a password when I try to ssh into the machine from an IP that is not listed. Any hints?

firewall-cmd --get-active-zones returns this:

    docker
      interfaces: docker0
    internal
      sources: 192.168.0.3/24 192.168.0.2/24

firewall-cmd --zone=internal --list-all returns this:

    internal (active)
      target: default
      icmp-block-inversion: no
      interfaces:
      sources: 192.168.0.3/24 192.168.0.2/24
      services: ssh vnc-server
      ports: 22/tcp 5900/tcp 5901/tcp
      protocols:
      forward: no
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

edit: Even with this configuration here, incoming ssh connections from an unlisted address still ask for a password:

    firewall-cmd --get-active-zones

    docker
      interfaces: docker0
    drop
      interfaces: eth0 br0
    internal
      sources: 192.168.0.3/24 192.168.0.2/24

  • e_t_@kbin.pithyphrase.net · 2 points · 1 year ago

    I think the problem is that you’re adding a subnet mask (/24) to your IPs. They should either be bare or have a /32 mask. The /24 mask is allowing the whole 192.168.0.1-254 address range.
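To make the point above concrete, here is a small model of how firewalld picks a zone for an incoming packet (sources are checked first, then the ingress interface, then the default zone) and what a zone source with a /24 mask actually matches. This is an added illustration, not firewalld's code and not something from the thread's participants; the zone layout (docker0 in docker, eth0/br0 in drop, internal with the two sources plus ssh and vnc-server) is taken from the edited post, and the client address 192.168.0.77 is a constructed example of an unlisted host in the same subnet.

```python
"""Model of firewalld zone selection, added to illustrate the /24 issue.

Not firewalld's own code.  It reproduces only the documented matching order:
a packet's source address is tested against zone sources first, then its
ingress interface against zone interfaces, otherwise the default zone applies.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str
    sources: list = field(default_factory=list)      # as typed into firewall-cmd
    interfaces: list = field(default_factory=list)
    services: set = field(default_factory=set)


def normalize_source(source: str) -> ipaddress.IPv4Network:
    """Network that a zone source really matches.

    strict=False zeroes the host bits, which is what happens to
    '192.168.0.3/24': it becomes 192.168.0.0/24, i.e. every host in the
    subnet.  A bare address ends up as a /32, matching only itself.
    """
    return ipaddress.ip_network(source, strict=False)


def source_matches(source: str, client_ip: str) -> bool:
    return ipaddress.ip_address(client_ip) in normalize_source(source)


def select_zone(zones, client_ip: str, ingress_if: str, default: str = "public") -> str:
    """Zone firewalld would apply: sources win over interfaces, then default."""
    for zone in zones:
        if any(source_matches(src, client_ip) for src in zone.sources):
            return zone.name
    for zone in zones:
        if ingress_if in zone.interfaces:
            return zone.name
    return default


def service_allowed(zones, client_ip: str, ingress_if: str, service: str) -> bool:
    """True if the selected zone lists the service.  The default zone is not
    modelled and is treated as allowing nothing (an assumption of this model)."""
    name = select_zone(zones, client_ip, ingress_if)
    for zone in zones:
        if zone.name == name:
            return service in zone.services
    return False


def build_zones(internal_sources):
    """Layout from the edited post; only the internal sources vary."""
    return [
        Zone("docker", interfaces=["docker0"]),
        Zone("drop", interfaces=["eth0", "br0"]),          # target DROP, no services
        Zone("internal", sources=list(internal_sources),
             services={"ssh", "vnc-server"}),
    ]


ZONES_AS_POSTED = build_zones(["192.168.0.3/24", "192.168.0.2/24"])
ZONES_FIXED = build_zones(["192.168.0.3", "192.168.0.2"])

if __name__ == "__main__":
    stranger = "192.168.0.77"   # constructed: unlisted host in the same /24
    for label, zones in (("as posted", ZONES_AS_POSTED), ("fixed", ZONES_FIXED)):
        print(f"{label:10} zone={select_zone(zones, stranger, 'eth0'):9} "
              f"ssh allowed={service_allowed(zones, stranger, 'eth0', 'ssh')}")
```

With the sources as posted, the stranger lands in internal and ssh is open; with bare addresses it falls through to the drop zone on eth0. On a real box the same check can be made with `firewall-cmd --get-zone-of-source=192.168.0.77` and `firewall-cmd --zone=internal --list-sources`, which show the mask as firewalld stored it.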

    • ichbinjasokreativ@lemmy.world (OP) · 1 point · 1 year ago

      Thank you so much, removing the subnet part actually fixed it!! I thought I’d have to be more specific than just the IP, but listing them bare is apparently how you do it.