On 04/12/2020 12:59, home user wrote:
On 12/3/20 8:10 PM, Ed Greshko wrote:
I believe the firewall on your system is already dropping all incoming connection requests.
Provide the output of....
sudo firewall-cmd --get-active-zones
and then using the result from that command
sudo firewall-cmd --info-zone=whatever-was-returned
-bash.1[~]: firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: eno1
-bash.2[~]: firewall-cmd --info-zone=libvirt
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns ssh tftp
  ports:
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule priority="32767" reject
The virbr0 interface is the interface between your system and any qemu/kvm Virtual Machines you deploy. This is an "internal" interface not connected directly to the Internet.
-bash.3[~]: firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
-bash.4[~]:
eno1 is your Internet connection and is directly connected from your system to the Arris TM8222G modem. The only services which are allowed to make incoming connections are dhcpv6-client and mdns. All other incoming connection requests will be dropped by the firewall.
You most likely don't need mdns (Multicast DNS) and can delete that service. You *may* need dhcpv6-client to properly configure your IPv6 automatically when the system starts.
To address your other post containing all the Screen shots....
As already noted, this traffic is being seen at the interface before being acted upon by the firewall. So, all the screen shots show packets arriving on the interface but which will be dropped by the firewall. Thus, they are all irrelevant.
If you want to know more about the "services" shown in the screen shots, one way to do it is to look up the service in /etc/services.
[egreshko@meimei ~]$ grep tivoconnect /etc/services
tivoconnect     2190/tcp    # TiVoConnect Beacon
tivoconnect     2190/udp    # TiVoConnect Beacon
And then google the description, in this case "TiVoConnect Beacon". Learn, for example, http://tivopod.sourceforge.net/tivoconnect.pdf and see that it is a broadcast protocol used by TiVo devices.
You may see some spikes in CPU usage if a flurry of connection requests arrives and the firewall goes through its process to drop them.
--- The key to getting good answers is to ask good questions.
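As an added example, not part of the thread: a small POSIX shell audit that parses the zone layout shown above (`firewall-cmd --info-zone=...`) and prints the `firewall-cmd --permanent --zone=... --remove-service=...` lines needed to drop any service not on an allowlist, which is the "keep dhcpv6-client, remove mdns" advice applied mechanically. The zone text it reads is a constructed copy in the thread's layout, not output captured from the poster's host, and the commands are printed rather than run.

```shell
#!/bin/sh
# Audit a firewalld zone report for services that should not be exposed.
# SAMPLE_PUBLIC is a constructed sample of `firewall-cmd --info-zone=public`
# output in the layout seen in the thread; it is not captured from any host.
SAMPLE_PUBLIC='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
'

# zone_field FIELD: read zone output on stdin, print the value of "  FIELD: value"
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# unexpected_services ZONE_OUTPUT ALLOWLIST: print each enabled service that is
# not in the space-separated ALLOWLIST, one per line
unexpected_services() {
    _allow=" $2 "
    for _svc in $(printf '%s\n' "$1" | zone_field services); do
        case "$_allow" in
            *" $_svc "*) ;;
            *) printf '%s\n' "$_svc" ;;
        esac
    done
}

# remediation ZONE_NAME ZONE_OUTPUT ALLOWLIST: print (do not run) the firewall-cmd
# lines that would remove the unexpected services from the permanent config
remediation() {
    _found=0
    for _svc in $(unexpected_services "$2" "$3"); do
        printf 'firewall-cmd --permanent --zone=%s --remove-service=%s\n' "$1" "$_svc"
        _found=1
    done
    [ "$_found" -eq 1 ] && printf 'firewall-cmd --reload\n'
    return 0
}

# Stand-alone run: audit the constructed sample with only dhcpv6-client allowed.
remediation public "$SAMPLE_PUBLIC" "dhcpv6-client"
```

To audit a live zone, replace the constructed string with `"$(firewall-cmd --info-zone=public)"` and review the printed commands before running them.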