Hi everybody, I recently installed OpenSuse Leap, but I have trouble working with firewalld.
The goal is to accept incoming ssh and vnc connections from two IPs exclusively, but it just doesn't work.
I removed all interfaces from zone public, set the internal zone up so that it has only the two IPs as sources and only the ssh and vnc services, but I still get asked for a password when I try to ssh into the machine from an IP that is not listed.
Any hints?
firewall-cmd --get-active-zones returns this:

docker
  interfaces: docker0
internal
  sources: 192.168.0.3/24 192.168.0.2/24

firewall-cmd --zone=internal --list-all returns this:

internal (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 192.168.0.3/24 192.168.0.2/24
  services: ssh vnc-server
  ports: 22/tcp 5900/tcp 5901/tcp
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

edit:
Even with this configuration here, incoming ssh connections from an unlisted address still ask for a password:

firewall-cmd --get-active-zones

docker
  interfaces: docker0
drop
  interfaces: eth0 br0
internal
  sources: 192.168.0.3/24 192.168.0.2/24

Thank you so much, removing the subnet part actually fixed it!! I thought I'd have to be more specific than just the IP, but listing them bare is apparently how you do it.
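
Why the /24 suffix opened the zone to the whole subnet, as an added example that is not part of the original thread: it models plain CIDR matching with Python's ipaddress module (not firewalld's own code) and audits the source entries shown above. The client address 192.168.0.50 is a constructed "unlisted" host.

```python
import ipaddress


def audit_sources(sources):
    """Return one finding per zone source entry (as printed by firewall-cmd)."""
    findings = []
    for entry in sources:
        # ip_interface keeps both the host address and the prefix length;
        # a bare address is treated as a single host (/32 for IPv4).
        iface = ipaddress.ip_interface(entry)
        net = iface.network  # the range a prefix match actually covers
        findings.append({
            "entry": entry,
            "effective": str(net),
            "addresses": net.num_addresses,
            # Host bits set under a shorter prefix usually means the
            # author meant one host but wrote a whole network.
            "host_bits_set": iface.ip != net.network_address,
        })
    return findings


def matches(sources, client):
    """True if the client address falls inside any source entry."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_interface(s).network for s in sources)


if __name__ == "__main__":
    as_posted = ["192.168.0.3/24", "192.168.0.2/24"]  # from the post
    as_fixed = ["192.168.0.3", "192.168.0.2"]         # subnet part removed
    unlisted = "192.168.0.50"                         # constructed test client

    for label, sources in (("as posted", as_posted), ("as fixed", as_fixed)):
        print(label)
        for f in audit_sources(sources):
            note = "  <-- host bits set, covers more than one host" \
                if f["host_bits_set"] else ""
            print(f"  {f['entry']:<18} -> {f['effective']:<18} "
                  f"{f['addresses']:>4} address(es){note}")
        print(f"  {unlisted} matched: {matches(sources, unlisted)}")
```
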