>
************************************************************************
> [jarmo@localhost ~]$ firewall-cmd --get-active-zones
> public
> interfaces: em1
>
> [jarmo@localhost ~]$ firewall-cmd --zone=public --list-ports
>
> [jarmo@localhost ~]$ firewall-cmd --zone=public --list-all
> public (default, active)
> interfaces: em1
> sources:
> services: dhcpv6-client mdns
> ports:
> masquerade: no
> forward-ports:
> icmp-blocks:
> rich rules:
> ************************************************************************
>
> These also show that my active interface is in public zone, and ipp is
> not enabled. So I still do not understand how the port can be open.
>
That is "odd" what does
iptables -L -n | grep 631
Show?
The output is empty.
The only semi-rational explanation I have for this at the moment is that
internally my LAN address 10.13.3.247 maps to localhost.localdomain, so
maybe connecting to 10.13.3.247 with nmap bypasses the firewall?
************************************************************************
[jarmo@localhost ~]$ traceroute 10.13.3.247
traceroute to 10.13.3.247 (10.13.3.247), 30 hops max, 60 byte packets
1 localhost.localdomain (10.13.3.247) 0.078 ms 0.024 ms 0.023 ms
************************************************************************
Jarmo