Firewall configuration

That’s totally ok )

It would also be “closed” if the default target is REJECT (and it may be the default setting in Fedora).

You can set the default target (for each zone) to DROP, and the port status should change to unknown/stealthy (I don’t remember the exact naming).

“Rich rules” in theory have rules organized by destination address, but they have so many restrictions that they are not usable in real life. I do not know why they are so… not smart. 🙂

I’ve never even tried to use them))))

I tried before writing here. 🙂

Do you know the nmcli syntax to create a new virtual interface? I’m a bit confused reading the man page about this…

I’ve tried, but couldn’t find anything about NM and creating virtual interfaces like enps3s0:0.

That’s when I had an idea with the destination address in the service.xml file. @duneyrr, this idea can work; I’d suggest checking/testing it.

Have to go now, will try to reply later today – or tomorrow.