Hi all
First of all, I have to tell you that I am a total Linux noob; I installed Fedora for the very first time a week ago. This is my desktop PC, home use. Since then I have installed some apps and extensions, everything seems nice and seems to be working. I like it!
(Actually I have installed everything twice… rookie mistakes… first Windows, on a different SSD separately; both Linux and Windows with a GPT table, UEFI mode, using Rufus for both.)
Grub is working, all booting.
But!
I am not convinced that my Linux firewall is actually working as it should, or doing anything at all.
After installing Fedora 38 Workstation, the firewall was in an inactive (dead?) state, so I installed it from the terminal. (2x for tests…) It added the GUI, and I can make settings from the GUI or from the terminal. When I hit “Panic mode” I got no connection to the internet.
This is what the current status looks like:
sudo firewall-cmd --state
running
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: enp3s0 lo
sources:
services: dhcpv6-client mdns
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset>
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Sun 2023-05-07 18:20:54 UTC; 37min ago
Docs: man:firewalld(1)
Main PID: 812 (firewalld)
Tasks: 4 (limit: 19043)
Memory: 57.0M
CPU: 1.189s
CGroup: /system.slice/firewalld.service
└─812 /usr/bin/python3 -sP /usr/sbin/firewalld --nofork --nopid
I have changed the following:
zone to public for both interfaces (lo is the local IP 127.x.x.x),
removed SSH from services,
and changed forward: from yes to no (not completely sure what this is).
I have been reading the documentation and articles for this firewall for days, and I am kind of stuck with it. I want to see it working before I can trust it, that's all…
I tried to check it with some port checking websites, no open port found. My router is in between, so this “check” is of no use.
netstat seems useless, as it only indicates the outgoing port number (which are all allowed in this firewall by principle, if I am correct) and the foreign incoming port, which is on the other computer somewhere far, far away…
I can see the given 43201 qBittorrent port in netstat as LISTENING, but that would always be the case, as “LISTENING” means it wants to connect, but it hasn't connected yet.
There are “ESTABLISHED” connections for qBittorrent, but I cannot see this given 43201 port number, as it shows only the local outgoing port and the incoming port of the other machine somewhere.
Questions:
1, Do my firewall status/settings seem right?
2, How can Firefox still connect to the internet if I remove the two above services (dhcpv6-client and mdns)?
3, Do I understand correctly that this firewall is letting everything out of my PC and controls only the incoming traffic? Is it really?
4, Why do I have an “lo” interface? This is some kind of local loop; could this be causing something? Maybe because of Tor Browser being installed?! I can see active traffic going on it.
5, How can qBittorrent indicate “Connection Status” “Active” with the above settings, without opening the given port for it? (UPnP disabled)
It says “- Successfully listening on IP. IP: “xy:xy:xy:%enp3s0”. Port: “TCP/43201”
6, Should I check “Lockdown” in the GUI Options? (Locks the firewall configuration?! There is a whitelist for lockdown by default.)
7, Do I understand netstat correctly? Is there any way to see the incoming (local) port number of a working connection?
Thanks for reading it!
I appreciate the help!
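One way to check what the zone above actually exposes, as an added example that is not part of the original post or of firewalld itself: cross-reference the listening sockets on the host (as printed by `ss -tulnp`, the modern replacement for `netstat -tulnp`) against the services and ports the active zone opens. A socket bound to 127.0.0.1 or ::1 never leaves the host, so the firewall is irrelevant to it; a socket bound to 0.0.0.0 or :: is reachable from the network only if the zone lists its service or port (or the zone target is ACCEPT). Unsolicited inbound packets to anything else are rejected by a zone with target `default`, while outbound connections and their replies are always allowed because firewalld accepts established/related traffic. The two sample outputs below are constructed for the example, and the small service-to-port table holds only the three service names needed here (taken from the stock definitions in /usr/lib/firewalld/services/).

```python
"""Cross-check listening sockets against the active firewalld zone.

Added example, not code from the original post. Assumes the text layouts of
`sudo firewall-cmd --list-all` and `sudo ss -tulnp`; both sample outputs
below are constructed, not captured from a real machine.
"""
import re

# Ports behind the service names used in this example. These values come from
# the stock service definitions shipped in /usr/lib/firewalld/services/.
SERVICE_PORTS = {
    "dhcpv6-client": {("546", "udp")},
    "mdns": {("5353", "udp")},
    "ssh": {("22", "tcp")},
}

# Constructed sample of `firewall-cmd --list-all` (same shape as the post's).
FIREWALL_CMD_OUTPUT = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp3s0 lo
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  forward: no
  masquerade: no
"""

# Constructed sample of `ss -tulnp` (process names and pids are made up).
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      4096         0.0.0.0:43201     0.0.0.0:*     users:(("qbittorrent",pid=2345,fd=30))
tcp   LISTEN 0      128        127.0.0.1:9050      0.0.0.0:*     users:(("tor",pid=2400,fd=6))
udp   UNCONN 0      0            0.0.0.0:5353      0.0.0.0:*     users:(("avahi-daemon",pid=900,fd=12))
tcp   LISTEN 0      4096            [::]:43201        [::]:*     users:(("qbittorrent",pid=2345,fd=31))
"""


def parse_zone(text):
    """Return (target, allowed {(port, proto)}, unknown service names)."""
    target, allowed, unknown = "default", set(), []
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "target":
            target = value
        elif key == "services":
            for svc in value.split():
                if svc in SERVICE_PORTS:
                    allowed |= SERVICE_PORTS[svc]
                else:
                    unknown.append(svc)   # report, never silently assume
        elif key == "ports":
            for spec in value.split():    # e.g. "43201/tcp"
                port, _, proto = spec.partition("/")
                allowed.add((port, proto))
    return target, allowed, unknown


def parse_sockets(text):
    """Yield (proto, port, bind address, process name) per `ss -tulnp` line."""
    for line in text.splitlines()[1:]:     # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")
        match = re.search(r'"([^"]+)"', line)   # process column is optional
        yield proto, port, addr.strip("[]"), match.group(1) if match else "?"


def classify(zone_text, ss_text):
    """Label each listening socket: loopback-only, allowed, or blocked."""
    target, allowed, _unknown = parse_zone(zone_text)
    report = []
    for proto, port, addr, process in parse_sockets(ss_text):
        if addr.startswith("127.") or addr == "::1":
            verdict = "loopback-only"   # never reachable from the network
        elif target == "ACCEPT" or (port, proto) in allowed:
            verdict = "allowed"         # unsolicited inbound gets through
        else:
            verdict = "blocked"         # zone target 'default' rejects it
        report.append({"proto": proto, "port": port, "bind": addr,
                       "process": process, "verdict": verdict})
    return report


if __name__ == "__main__":
    _, _, unknown = parse_zone(FIREWALL_CMD_OUTPUT)
    for row in classify(FIREWALL_CMD_OUTPUT, SS_OUTPUT):
        print("{proto:4} {bind:>10}:{port:<6} {process:14} {verdict}".format(**row))
    if unknown:
        print("services not in the local table, check manually:", unknown)
```

On a real machine the two constants would be replaced by the captured output of `sudo firewall-cmd --list-all` and `sudo ss -tulnp`; services beyond the three in the table can be resolved with `firewall-cmd --info-service=NAME`, which prints the ports a service definition opens.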