On 04/25/25 7:38 PM, home user wrote: > (Fedora-42; stand-alone workstation) > >This is a totally new Fedora install on a stand-alone workstation, >done today. It is not a part of a LAN or WAN or any other home > or office network. It is not dual-boot. I do need for Firefox, > Thunderbird, and dnf to be able to interact with the "outside world" > appropriately. I do occasionally need to be able to download or > upload things. Beyond those (and maybe other appropriate things > that don't at the moment come to mind), I do not want anyone or > anything to be able to get into this workstation. For example, no > "ssh", "scp", "rlogin". > > I gather from the Fedora docs that I should use firewalld or > firewalld-config. I have both. But Fedora docs does not give me > enough detail. I am not an IT professional. What specifically should > I do to keep unwanted people and things out?
I am not an IT professional. Firewall configuration turned out to be (for me) a huge and complex specialty. I ultimately had to get off-line help to do this. I was advised that what I wanted was already the default Workstation configuration. ssh isn't enabled unless you turn it on in settings. I was also advised that... "If you want to be *really* secure, you can use the firewall tool to set the zone to "drop". Since the new desktop is not yet connected to the internet, I don't have a GUI firewall tool, and had to do things by command line. The off-line expert suggested: "nmcli c modify [connection_name] connection.zone drop" and that I could get the value for "connection_name" from "nmcli c". That worked. I thank all who tried to help. I've tagged this thread SOLVED. -- _______________________________________________ users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
