Quick note on firewalld usage
This is practically /ufw, but for firewalld, which Fedora ships with. The blog post also predates me having a /n directory here.
After making changes, run sudo firewall-cmd --reload so the --permanent rules become active in the runtime configuration.
Zones
firewalld zones are a privilege of NetworkManager users, and this tends to be a systemd-networkd household. Then again, I don't believe in absolutely trusted zones.
A zone would be specified with --zone=home in the commands. The other zone I could imagine using is public.
Protocols
sudo firewall-cmd --add-protocol=ipv6-icmp --permanent
- Tells computers when things go wrong on an IPv6 network. See also Neil Alexander: Understanding ICMP and why you shouldn't just block it outright.
- Motivation for having it here is a 20/20 score on IPv6-test.com.
Services
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=mosh --permanent
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --add-service=syncthing --permanent
sudo firewall-cmd --add-service=mdns --permanent
sudo firewall-cmd --add-service=kdeconnect --permanent
- I trust Chrony (ntp) not to allow itself to be used from outside the LAN, as firewalld is apparently not designed with limiting source addresses in mind. syncthing is the client, not to be confused with syncthing-gui or syncthing-relay.
Ports
sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp
- 9001/udp is Yggdrasil automatic peering, although it is link-local and unlikely to be recognised by predefined rules. 6771/udp is BitTorrent Local Peer Discovery.
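A check I find useful after adding --permanent services and ports like the ones above: compare the permanent view of a zone with the runtime view, so you notice when a --reload is still pending. This is an added example, not part of the original note; it assumes firewall-cmd is installed and uses its --list-services and --list-ports options. Without a zone argument it runs against constructed sample output instead of querying firewalld.

```shell
#!/bin/sh
# Added example, not from the original note. Assumes firewall-cmd (firewalld)
# is available when a zone is given; otherwise a constructed sample is used.

# only_in_first LIST_A LIST_B
# Print the space-separated items of LIST_A that do not appear in LIST_B,
# one per line. Works for service names and port/proto strings alike.
only_in_first() {
    first="$1"
    second="$2"
    for item in $first; do
        case " $second " in
            *" $item "*) ;;                 # present in both views: nothing to report
            *) printf '%s\n' "$item" ;;     # permanent-only: not yet active
        esac
    done
}

# report_pending KIND PERMANENT_LIST RUNTIME_LIST
# Returns 0 when the runtime view already contains everything in the
# permanent view, 1 when a reload is still needed.
report_pending() {
    kind="$1"
    pending=$(only_in_first "$2" "$3")
    if [ -n "$pending" ]; then
        printf 'permanent %s not active in runtime (run: sudo firewall-cmd --reload):\n' "$kind"
        printf '  %s\n' $pending
        return 1
    fi
    printf 'runtime %s match the permanent configuration\n' "$kind"
    return 0
}

# check_zone ZONE
# Query firewalld for both views of the zone and compare them.
check_zone() {
    zone="$1"
    perm_services=$(firewall-cmd --zone="$zone" --permanent --list-services)
    run_services=$(firewall-cmd --zone="$zone" --list-services)
    perm_ports=$(firewall-cmd --zone="$zone" --permanent --list-ports)
    run_ports=$(firewall-cmd --zone="$zone" --list-ports)
    status=0
    report_pending services "$perm_services" "$run_services" || status=1
    report_pending ports "$perm_ports" "$run_ports" || status=1
    return $status
}

if [ $# -gt 0 ]; then
    # Real check: sh check-firewalld.sh public
    check_zone "$1"
else
    # Constructed sample: the two views after the --permanent commands in this
    # note, but before --reload has been run.
    report_pending services "ssh mosh ntp syncthing mdns kdeconnect" "ssh mdns"
    report_pending ports "9001/udp 6771/udp" ""
fi
```

Run it as sh check-firewalld.sh public (or home) on the machine itself; a non-zero exit means the permanent and runtime views differ, which is exactly the state you are in between the --permanent commands and the reload.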