Quick note on firewalld usage

This is practically /ufw, but for Firewalld which Fedora comes with. The blog post also predates me having a /n directory here.

After done, run sudo firewall-cmd --reload

Automaattinen sisällysluettelo / Automatically generated Table of Contents

Zones
Protocols
Services
Ports

Zones

firewalld zones are privilege of NetworkManager users, this tends to be a systemd-networkd household. Then again I don’t believe in absolutely trusted zones.

Zone would be specified by --zone=home in the commands. The other zone I could imagine using is public.

Protocols

sudo firewall-cmd --add-protocol=ipv6-icmp --permanent

Tells computers when things go wrong with IPv6 network. See also Neil Alexander: Understanding ICMP and why you shouldn’t just block it outright.
- Motivation for being here is 20/20 in IPv6-test.com.

Services

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=mosh --permanent
sudo firewall-cmd --add-service=ntp --permanent
sudo firewall-cmd --add-service=syncthing --permanent
sudo firewall-cmd --add-service=mdns --permanent
sudo firewall-cmd --add-service=kdeconnect --permanent

I trust Chrony (ntp) to not allow it to be used from outside of LAN as firewalld is apparently not designed with limiting source addresses in mind.
syncthing is the client, not to be confused with syncthing-gui or syncthing-relay.

Ports

sudo firewall-cmd --permanent --add-port=9001/udp
sudo firewall-cmd --permanent --add-port=6771/udp

9001/udp is Yggdrasil automatic peering, although link-local and unlikely to be recognised by predefined rules.
6771/udp is Bittorrent Local Peer Discovery

Return to note index?

Dear reader, you may be missing a content blocker! 🙀 Please consider installing one to protect yourself, and your close ones, from manipulation and targeted malvertising!
Privacy Badger will take care of third-party tracking the best, but hiding this message takes a more targeted filter such as uBlock Origin (for Firefox) or uBlock Origin Lite (for everything else).
Additionally considering adblocking DNS services such as DNS4EU Protective Resolution With Ad blocking or public AdGuard DNS may be a good idea to clean up your modern internet.
Learn more about targeted advertising!
PS. I am not sorry if this cosmetic filtering targeting script doesn't detect your protection, because this message brings me too many amused messages and smiles for that (and thus this message is here to stay) 🐾