Re: securing this workstation.

Sun, 27 Apr 2025 20:45:25 -0700 

On 4/27/25 4:12 AM, Barry Scott wrote:




On 26 Apr 2025, at 01:38, home user via users 
<users@lists.fedoraproject.org> wrote:



I gather from the Fedora docs that I should use firewalld or 
firewalld-config.  I have both.  But Fedora docs does not give me 
enough detail.  I am not an IT professional.  What specifically should 
I do to keep unwanted people and things out?



Given you are directly connected to the internet you will need to review 
the firewalld rules.



I also work directly on the files in /etc/firewalld when I'm setting up 
my firewalls,

so may get these command lines wrong. On my KDE plasma f42 I see this:

$ firewall-cmd --get-default-zone
FedoraWorkstation

$ firewall-cmd --list-all
FedoraWorkstation (default, active)
   target: default
   ingress-priority: 0
   egress-priority: 0
   icmp-block-inversion: no
   interfaces: enp0s5
   sources:
   services: dhcpv6-client samba-client ssh
   ports: 1025-65535/udp 1025-65535/tcp
   protocols:
   forward: yes
   masquerade: no
   forward-ports:
   source-ports:
   icmp-blocks:
   rich rules:

This shows that lots of ports are open, the sevices: and ports: lines


If is is what you see then you need only open the to the ports and 
services that you actually need.



You will need dhcpv6-client but the rest I think you need to remove from 
config.



The setting are in /etc/firewalld/zones/FedoraWorkstation.xml but 
someone with firewalld-cmd
experience can likely tell you commands to strip out the ports that are 
open.


Barry


What I get:

# firewall-cmd --list-all
FedoraWorkstation (default, active)
  target: default
  ingress-priority: 0
  egress-priority: 0
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
#

--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue























					Reply via email to