On Thu, 2016-02-25 at 11:48 +0000, Timothy Murphy wrote:
> After changing the default zone to "internal" everything works fine.
>  
> But I don't understand the reasoning behind this.
> This use of the term "zone" seems to me misleading and bizarre.
> I run shorewall on my home server, and there the "zone"
> can be "net", "local", etc.

Security zones can be considered thus:

You have a gateway machine that connects directly to the internet, and
it is the link between the WWW and your LAN.  Since it straddles both
sides, it would have an external set of rules and an internal set of
rules.  The external rules apply to the traffic between it and the WWW,
the internal rules apply to the traffic between it and your LAN.  The
external rules would, usually, be more stringent than the internal ones.
Both rule sets are always in action.

You have another computer that is inside your LAN; you'd set up an
internal rule set for this.  Or you could use some other name for it;
it's just a name for a set of rules that makes sense to you.  You could
call it LAN.

You have a laptop that sometimes is inside your LAN, sometimes you take
it to public networks.  You may have two sets of rules, a *home* set for
where you trust the rest of your network, and an *away* set where you do
not trust anything.  Only one set of rules is used at a time, so you
can set one as the default, but change it when needed.

What kind of differences might there be between external and internal
rules?  You might allow NFS or SMB inside, but block it externally.
Likewise for other services.  You may block some things internally; you
might block nothing internally.

-- 
tim@localhost ~]$ uname -rsvp

Linux 3.19.8-100.fc20.i686 #1 SMP Tue May 12 17:42:35 UTC 2015 i686

All mail to my mailbox is automatically deleted, there is no point trying
to privately email me, I will only read messages posted to the public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.

-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
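The gateway and laptop scenarios described in the reply above, expressed as firewalld `firewall-cmd` calls. This is an added example, not part of the original mail or of firewalld's documentation. The interface names eth0 (internet-facing) and eth1 (LAN) are assumptions; by default the script only prints the commands it would run, and `DRY_RUN=0` applies them for real (as root).

```shell
#!/bin/sh
# Added example: firewalld zones as named rule sets, applied to the two
# scenarios from the mail. eth0/eth1 are assumed interface names.
# DRY_RUN=1 (default) prints the commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# Gateway: two interfaces, two zones, both rule sets active at once.
configure_gateway() {
    # The internet-facing NIC gets the stringent built-in "external" zone
    # (masquerading on, only ssh open by default).
    fw --permanent --zone=external --change-interface=eth0
    # The LAN-facing NIC gets "internal", where file sharing is acceptable.
    fw --permanent --zone=internal --change-interface=eth1
    fw --permanent --zone=internal --add-service=nfs
    fw --permanent --zone=internal --add-service=samba
    # Nothing is added to "external": NFS/SMB stay blocked toward the WWW.
    fw --reload
}

# Laptop: one rule set at a time, selected by changing the default zone.
# Interfaces not bound to any zone fall into the default zone.
laptop_home() { fw --set-default-zone=home; }
laptop_away() { fw --set-default-zone=public; }

# Checks: which zones are currently active, and what each one allows.
show_state() {
    fw --get-active-zones
    fw --zone=internal --list-all
    fw --zone=external --list-all
}

configure_gateway
laptop_home
show_state
```

On the gateway, `--get-active-zones` lists both external (eth0) and internal (eth1), which is the "both rule sets are always in action" case. On the laptop, an interface that is not explicitly bound to a zone is governed by whatever the default zone is (public on a stock Fedora install), which is why changing the default zone to internal made the original poster's services reachable.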
