Hi, so I wanted to change my firewall a little (I'm using firewalld) and thought I want to disable forwarding (both because I'm using LAN and WLAN at the same time and don't want packets from one to go to the other, and my device is also not a DNS/VPN endpoint) and to drop the target, so packets just get dropped when they don't match my rules.

So I could manage to drop the target by giving:
sudo firewall-cmd --permanent --zone=public --set-target=DROP
sudo firewall-cmd --reload
It worked.

Then I went to disable the forwarding. First I tried to improvise with:
sudo firewall-cmd --set-forward=no
sudo firewall-cmd --reload
So I got:
usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page firewall-cmd: error: unrecognized arguments: --set-forward=no
(I figured out that it is not a valid option.)

So I went to the firewalld configuration file, sudo nano /etc/firewalld/firewalld.conf, and added these lines:
AllowZoneDrifting=no
DefaultForwardPolicy=no
restarted the firewall and then used sudo firewall-cmd --list-all to see that the forward is still yes.

So I went to disable it at the kernel level: sudo nano /etc/sysctl.conf and added the lines
net.ipv4.ip_forward=0
net.ipv6.conf.all.forwarding=0
applied the changes with sudo sysctl -p and verified them:
sysctl net.ipv4.ip_forward
sysctl net.ipv6.conf.all.forwarding
Both were set to 0, which is good, but still the forward was yes.

I knew that firewalld manages iptables, so I thought maybe I can manage it myself, so I inspected
sudo iptables -L FORWARD
and I got this output:
Chain FORWARD (policy DROP)
target prot opt source destination
There were no rules, but just in case I flushed it:
sudo iptables -F FORWARD
and added it again:
sudo iptables -P FORWARD DROP
So after doing all of these I know that the forwarding of any packet is not possible, but still after using sudo firewall-cmd --list-all I see forward: yes.

So I did one last thing: I modified the zone configuration, sudo nano /etc/firewalld/zones/public.xml, and added
<forwarding>no</forwarding>
It said Error: PARSE_ERROR: Unexpected element forwarding, so I just changed it to
<forward>no</forward>
and it didn't give any errors. And I made sure no other zones are overwriting:
sudo firewall-cmd --get-active-zones
## the only zone was public
## but anyway I set it to public again
sudo firewall-cmd --set-default-zone=public
I restarted/reloaded everything, but still it shows that the phuking (f is not allowed so I used ph) forward: yes.

So any ideas?
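For anyone checking the same thing, here is an added example (not part of the original post) in POSIX shell: it parses the forward flag out of the firewall-cmd --list-all output shown above and builds the commands that clear it. It assumes firewalld 1.0 or newer, where the per-zone flag is managed with --add-forward / --remove-forward and the zone XML element is <forward/>, enabled by its presence alone (text such as "no" inside it is ignored, which is why the edit to public.xml above changed nothing); forward_state, disable_forward_cmds and SAMPLE_LISTING are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original post: check whether a firewalld zone
# has its "forward" flag set and build the commands that clear it.
# Assumption: firewalld >= 1.0, where the per-zone flag is managed with
# --add-forward / --remove-forward (the zone XML element is <forward/>,
# enabled by its presence alone; text such as "no" inside it is ignored).

# forward_state LISTING: parse `firewall-cmd --zone=Z --list-all` output and
# print "yes" or "no" from its "forward:" line; return 1 if no such line.
forward_state() {
    printf '%s\n' "$1" | awk '
        $1 == "forward:" { print $2; found = 1 }
        END { exit !found }'
}

# disable_forward_cmds ZONE: print the commands that clear the flag in the
# permanent config and then load that config into the running firewall.
disable_forward_cmds() {
    printf 'firewall-cmd --permanent --zone=%s --remove-forward\n' "$1"
    printf 'firewall-cmd --reload\n'
}

# Constructed sample listing in the shape of the poster's output (not real
# output from any host); used when firewall-cmd is not available here.
SAMPLE_LISTING='public (active)
  target: DROP
  interfaces: eth0 wlan0
  services: dhcpv6-client ssh
  forward: yes
  masquerade: no
  rich rules:'

main() {
    zone=${1:-public}
    listing=$(firewall-cmd --zone="$zone" --list-all 2>/dev/null) \
        || listing=$SAMPLE_LISTING
    state=$(forward_state "$listing") || { echo "no forward: line found"; return 1; }
    echo "zone $zone forward: $state"
    if [ "$state" = yes ]; then
        echo "to clear it, run as root:"
        disable_forward_cmds "$zone"
    fi
}

main "$@"
```

Note that the sysctl and iptables changes above affect routing between interfaces, while the zone's forward flag only controls whether firewalld lets traffic pass between interfaces of the same zone, so --list-all keeps reporting it until the flag itself is removed.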