On 12/5/20 11:20 PM, Ed Greshko wrote:
If you want to make your system "invisible" and won't be running any services you should simply change the zone of your internet interface from "public" to "drop".

firewall-cmd --permanent --zone=drop --change-interface=eno1
firewall-cmd --reload
-bash.1[~]: firewall-cmd --permanent --zone=drop --change-interface=eno1
The interface is under control of NetworkManager, setting zone to 'drop'.
success
-bash.2[~]: firewall-cmd --reload
success
-bash.3[~]:
I spent some time in the firewall-cmd man page trying to figure this out. It's over my head. Back in the '70s, I tried in 3 separate computer science courses to learn "lisp". I failed. I don't know which is harder: firewalls and network management, or lisp! I'm going back to thinking of a firewall as that part of my ol' jalopy that separates me (in the driver's seat) from the engine compartment! :)
Then, if someone from the outside world attempts to ssh to your system.....
[egreshko@meimei ~]$ ssh 192.168.122.26
^C
No indication and I did a ctrl-C to kill the attempt. I think it would have eventually timed out.
(Don Quixote)
Is Don Quixote available as an English-language movie?
Thank you, Ed, for the firewall-cmd commands above.
Bill.
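
Added example, not part of the original messages: a small Python check, run from a second machine, that tells apart the silent hang described above (packets dropped, the connect times out) from an active refusal or an open port. The function name classify_port and the 3-second timeout are assumptions of this example.

```python
import errno
import socket
import sys


def classify_port(host, port, timeout=3.0):
    """Attempt one TCP connect and report how the far end (or its firewall) answered.

    Returns one of:
      "open"        - handshake completed, a service is listening
      "closed"      - TCP RST received (connection refused)
      "unreachable" - an ICMP error came back, as a REJECT-style rule sends
      "filtered"    - nothing came back before the timeout (DROP behaviour)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        # No SYN-ACK, no RST, no ICMP: the packets were silently discarded.
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Defaults are the address used in the thread and the SSH port.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.122.26"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 22
    print(f"{host}:{port} -> {classify_port(host, port)}")
```

A host that is powered off also reports "filtered", so run the check while the target is known to be up. With the interface in the "drop" zone the expected result for port 22 is "filtered".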