FirewallD question

I have activated the service for KDE connect in the “Public” zone on the customer’s computer. However, this does not survive the reboot. How should I proceed to make this setting permanent? Do I have to define a new zone and adjust it and how do I do that? From the instructions of Fedora I am not quite clear.

Screenshot_20220419_141609

At the top of your screenshot there is a label that reads “Konfiguration”; the combo box is currently set to “Runtime”. That means that any changes you make affect the running firewall.

That box has another option which controls the “Permanent” configuration that is saved.

1 Like

And can I then tinker the additional services into the running zone (in the case “Public”), or is it better to choose a different zone for them?

Zones are a totally different concept.

Consider a laptop. You might have one Zone called “public” which you use when you are on wifi and another called “home” which is more permissive that you use when you are home.

If you don’t need different rules in different situations then just pick a zone and stick with it. I personally use the “Home” zone but you could just as easily use a different one.

1 Like

Thanks @dalto, if I didn’t have you I would have to go back to using Mint :wink: .

1 Like

As you mentioned a “customer’s computer”, here are some things I have found handy.

  • Use the Runtime
    Make and test changes

  • Reload Firewalld (Options menu)
    Will clear any/all changes you have made to Runtime, good for testing them prior to Permanent

  • Runtime to Permanent (Options menu)
    Saves time if you have selected several services, no need to select again

2 Likes
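The Runtime/Permanent workflow described above can also be checked from the command line. This is an added example, not part of the original thread: it lists services that are open in a zone's runtime configuration but missing from its permanent one, which are the ones lost on reload or reboot. The function names and sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot firewalld services that exist only in the runtime
# configuration of a zone and would therefore vanish on reload or reboot.

# runtime_only RUNTIME_LIST PERMANENT_LIST
# Both arguments are space-separated service lists, in the form printed by
# `firewall-cmd --list-services`. Prints the services found only in the first.
runtime_only() {
    out=""
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;                   # also permanent: survives reboot
            *) out="${out:+$out }$svc" ;;    # runtime only: lost on reboot
        esac
    done
    printf '%s\n' "$out"
}

# check_zone ZONE
# Queries the live firewall for both configurations of ZONE and reports drift.
check_zone() {
    zone=$1
    rt=$(firewall-cmd --zone="$zone" --list-services) || return 1
    pm=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 1
    drift=$(runtime_only "$rt" "$pm")
    if [ -n "$drift" ]; then
        echo "zone $zone: not saved permanently: $drift"
        # To keep one service:  firewall-cmd --permanent --zone=$zone --add-service=NAME
        # To keep everything:   firewall-cmd --runtime-to-permanent
        # To discard instead:   firewall-cmd --reload
    else
        echo "zone $zone: runtime and permanent service lists match"
    fi
}

# Constructed sample lists (not taken from the machine in this thread):
# kdeconnect was enabled in Runtime only, as in the original question.
SAMPLE_RUNTIME="dhcpv6-client kdeconnect mdns ssh"
SAMPLE_PERMANENT="dhcpv6-client mdns ssh"

# Only touch the real firewall when a zone name is given and firewalld exists;
# otherwise fall back to the constructed sample.
if command -v firewall-cmd >/dev/null 2>&1 && [ -n "${1:-}" ]; then
    check_zone "$1"
else
    echo "sample drift: $(runtime_only "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT")"
fi
```

Run it with a zone name, for example `public`, on a machine with firewalld to compare the live configurations.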

thx @haakoth , it’s helpful

2 Likes

@dalto, a few days ago when there was a discussion about FirewallD, it was said that, for normal users, there is no need to configure the check boxes available there. But if I want to know what the purpose of each checkbox is, and how they affect the working of it, then how should I proceed?
I also use “home” mode of FirewallD.

Those check boxes are services that you can open your firewall to let through.

It doesn’t really make sense to learn about what each of those things are.

It generally happens the opposite way. You need to allow something through the firewall, so you find which checkbox matches the service you need to let through.

To say it a different way, each of those check boxes lowers your security so you only want to check them if you need to allow something to come through the firewall.

1 Like

Thank you sir, I got your point.

Means selecting nothing will maximize the security?

Every port that has to be opened in addition to port 80 is one too many.

Little more clarification… ?

Port 80 is the one used by all Internet browsers, for example:

Any open port that allows communication from the outside in is an additional risk. The basic configuration seems to keep all absolutely necessary ports open to ensure smooth functioning. As mentioned at the beginning, I only use the firewall in the router, but I have to check it from time to time on other computers.

1 Like

Got it…

1 Like

Yes.

Opening port 80 is a risk too. You would only open port 80 if you were hosting a web server.

1 Like

So should I disable every preselected option ?
In my case, dhcpv6-client, mdns, samba-client, ssh are enabled.
I also found few app related options as well.

I would disable them and see what happens. If something stops working, re-enable the service associated with the thing that stops working.

1 Like

I had also disabled them, and then gave the online test and also uploaded the document via drive. Everything worked fine, except:

Google had noticed unusual traffic from your address, please confirm that it’s you.

What should be the reason for this?

That probably isn’t caused by your firewall. Are you using a vpn, proxy, tor or similar?

No, it’s just the LibreWolf browser. I also tried in Firefox, which gave the same result.