On 06/12/2020 12:49, home user wrote:
On 12/5/20 9:24 PM, Samuel Sieb wrote:
and the outgoing is the firewall's rejections
I'm no expert, but I believe the firewall can be set to utterly ignore things it blocks rather than sending a rejection. Generally this is more useful for things connected to the internet at large since you'll just get random probes rather than torrential attacks once they figure out there is something there they can try to break into.
The default for firewalls is to drop packets instead of rejecting them. Rejecting sends an ICMP packet back saying the connection wasn't allowed.
How do I check what is actually happening?
wireshark. :-) :-)
If the firewall is sending the ICMP packets, then how do I change it so it merely drops the packets?
If you want to make your system "invisible" and won't be running any services you should simply change the zone of your internet interface from "public" to "drop".
firewall-cmd --permanent --zone=drop --change-interface=eno1
firewall-cmd --reload
Then, if someone from the outside world attempts to ssh to your system.....
[egreshko@meimei ~]$ ssh 192.168.122.26
^C
No indication and I did a ctrl-C to kill the attempt. I think it would have eventually timed out.
--- The key to getting good answers is to ask good questions.
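
As a complement to the wireshark suggestion in the thread, the difference between drop and reject can also be seen from the client side of a TCP connect to your own machine. The script below is an added example, not part of the original messages; the names classify and probe are hypothetical, and the errno mapping assumes a Linux client.

```python
import errno
import socket
import sys

# connect() errors that mean an active refusal came back from the far side.
# Caveat: the two *UNREACH values can also come from a local routing problem.
REJECT_ERRNOS = {
    errno.ECONNREFUSED,  # TCP RST: closed port, or a reject using tcp-reset
    errno.EHOSTUNREACH,  # ICMP host-unreachable / host-prohibited / admin-prohibited
    errno.ENETUNREACH,   # ICMP net-unreachable / net-prohibited
}

def classify(err):
    """Map a connect() result (0 = success, None = timed out) to a verdict."""
    if err == 0:
        return "open"
    if err is None or err == errno.ETIMEDOUT:
        # Silence: consistent with DROP, but also with a host that is down.
        return "dropped"
    if err in REJECT_ERRNOS:
        return "rejected"
    return "error:" + errno.errorcode.get(err, str(err))

def probe(host, port, timeout=5.0):
    """Make one IPv4 TCP connection attempt to your own host and classify it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return classify(0)
        except socket.timeout:      # must precede OSError (it is a subclass)
            return classify(None)
        except OSError as e:
            return classify(e.errno)

if __name__ == "__main__":
    # Usage: python3 probe.py <address-of-your-own-machine> <port>
    if len(sys.argv) == 3:
        print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it from a second machine against the firewalled one: "rejected" comes back almost immediately, while "dropped" only appears after the timeout expires, which matches the hanging ssh attempt shown above.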