Hi everybody, I recently installed OpenSuse Leap, but I have trouble working with firewalld. The goal is to accept incoming ssh and vnc connections from two IPs exclusively, but it just doesn’t work. I removed all interfaces from zone public, set the internal zone up so that it has only the two IPs as sources and only the ssh and vnc services, but I still get asked for a password when I try to ssh into the machine from an IP that is not listed. Any hints?
firewall-cmd --get-active-zones returns this:
docker
  interfaces: docker0
internal
  sources: 192.168.0.3/24 192.168.0.2/24
firewall-cmd --zone=internal --list-all returns this:
internal (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 192.168.0.3/24 192.168.0.2/24
  services: ssh vnc-server
  ports: 22/tcp 5900/tcp 5901/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
edit:
Even with this configuration here, incoming ssh connections from an unlisted address still ask for a password:
firewall-cmd --get-active-zones
docker
  interfaces: docker0
drop
  interfaces: eth0 br0
internal
  sources: 192.168.0.3/24 192.168.0.2/24
Thank you so much, removing the subnet part actually fixed it!! I thought I’d have to be more specific than just the IP, but listing them bare is apparently how you do it.
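Why removing the subnet part changed the result, as an added example that is not part of the original thread: the script audits the `sources:` line of a zone and shows which client addresses it admits. It assumes the mask is applied the usual CIDR way (consistent with the behaviour reported above); the sample output and the client address 192.168.0.77 are constructed, and only IP sources (not MAC or ipset entries) are handled.

```python
import ipaddress

# Constructed sample, shaped like the --list-all output quoted in the thread.
ZONE_OUTPUT = """internal (active)
  target: default
  sources: 192.168.0.3/24 192.168.0.2/24
  services: ssh vnc-server
"""

def parse_sources(list_all_output):
    """Return the entries on the 'sources:' line of firewall-cmd --list-all output."""
    for line in list_all_output.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "sources":
            return value.split()
    return []

def audit_source(entry):
    """Describe what one source entry covers under ordinary CIDR masking."""
    iface = ipaddress.ip_interface(entry)  # a bare IP is treated as /32 (or /128)
    net = iface.network
    return {
        "entry": entry,
        "network": str(net),
        "addresses": net.num_addresses,
        # Host bits set under a short mask usually mean one host was intended.
        "host_bits_set": iface.ip != net.network_address,
    }

def zone_matches(sources, client_ip):
    """True if client_ip falls inside any of the source networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_interface(s).network for s in sources)

if __name__ == "__main__":
    sources = parse_sources(ZONE_OUTPUT)
    for s in sources:
        print(audit_source(s))
    # Unlisted host in the same subnet, checked against both forms of the zone.
    print("with /24:", zone_matches(sources, "192.168.0.77"))
    print("bare IPs:", zone_matches(["192.168.0.3", "192.168.0.2"], "192.168.0.77"))
```

Any entry reported with `host_bits_set` true and more than one address is worth a second look when a zone is supposed to allow only specific hosts.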