Re: mysterious/suspicious internet activity.

On 04/12/2020 12:59, home user wrote:
> On 12/3/20 8:10 PM, Ed Greshko wrote:
>> I believe the firewall on your system is already dropping all incoming connection requests.
>>
>> Provide the output of....
>>
>> sudo firewall-cmd --get-active-zones
>>
>> and then using the result from that command
>>
>> sudo firewall-cmd --info-zone=whatever-was returned.
>
> -bash.1[~]: firewall-cmd --get-active-zones
> libvirt
>   interfaces: virbr0
> public
>   interfaces: eno1
> -bash.2[~]: firewall-cmd --info-zone=libvirt
> libvirt (active)
>   target: ACCEPT
>   icmp-block-inversion: no
>   interfaces: virbr0
>   sources:
>   services: dhcp dhcpv6 dns ssh tftp
>   ports:
>   protocols: icmp ipv6-icmp
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>     rule priority="32767" reject

The virbr0 interface is the interface between your system and any qemu/kvm Virtual Machines you
deploy.  This is an "internal" interface not connected directly to the Internet.

> -bash.3[~]: firewall-cmd --info-zone=public
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: eno1
>   sources:
>   services: dhcpv6-client mdns
>   ports:
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
> -bash.4[~]:

eno1 is your Internet connection and is directly connected from your system to the Arris TM8222G
modem.  The only services which are allowed to make incoming connections are dhcpv6-client and mdns.
All other incoming connection requests will be dropped by the firewall.

You most likely don't need mdns (Multicast DNS) and can delete that service.  You *may* need dhcpv6-client
to properly configure your IPv6 automatically when the system starts.

To address your other post containing all the Screen shots....

As already noted, this traffic is being seen at the interface before being acted upon by the firewall.  So, all
the screen shots show packets arriving on the interface but which will be dropped by the firewall.  Thus,
they are all irrelevant.

If you want to know more about the "services" shown in the screen shots, one way to do it is to look up the
service in /etc/services.

[egreshko@meimei ~]$ grep tivoconnect /etc/services
tivoconnect     2190/tcp                # TiVoConnect Beacon
tivoconnect     2190/udp                # TiVoConnect Beacon

And then google the description, in this case "TiVoConnect Beacon". Learn, for example,
http://tivopod.sourceforge.net/tivoconnect.pdf and see that it is a broadcast protocol used
by TiVo devices.

You may see some spikes in CPU usage if a flurry of connection requests arrives and the firewall
goes through its process to drop them.

---
The key to getting good answers is to ask good questions.
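
The check described in this message, as an added example that is not part of the original post: it parses `firewall-cmd --info-zone` output and pairs each accepted service with its entries in a services(5)-format file. The function names `zone_field`, `service_ports` and `zone_report` are hypothetical, and the services excerpt is constructed so the script runs offline.

```shell
# Print the value of one "  key: value" line from `firewall-cmd --info-zone` output on stdin.
zone_field() {
    awk -v key="$1" -F': *' '$1 ~ ("^[ \t]*" key "$") { print $2 }'
}

# Print the port/protocol pairs that a services(5)-format file ($2) lists for a service name ($1).
service_ports() {
    awk -v svc="$1" '$1 == svc { printf "%s%s", sep, $2; sep = "," } END { print "" }' "$2"
}

# One line per service the zone accepts: "<zone> <service> <ports>".
zone_report() {   # $1 = info-zone text, $2 = services file (e.g. /etc/services)
    zone=$(printf '%s\n' "$1" | awk 'NR == 1 { print $1 }')
    for svc in $(printf '%s\n' "$1" | zone_field services); do
        printf '%s %s %s\n' "$zone" "$svc" "$(service_ports "$svc" "$2")"
    done
}

# Sample input: the public zone output quoted in the thread.
PUBLIC_INFO='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed excerpt in /etc/services format so the example runs without a live system.
SERVICES_SAMPLE=$(mktemp)
cat > "$SERVICES_SAMPLE" <<'EOF'
dhcpv6-client   546/tcp
dhcpv6-client   546/udp
mdns            5353/tcp                # Multicast DNS
mdns            5353/udp                # Multicast DNS
tivoconnect     2190/tcp                # TiVoConnect Beacon
tivoconnect     2190/udp                # TiVoConnect Beacon
EOF

zone_report "$PUBLIC_INFO" "$SERVICES_SAMPLE"
# Live system: zone_report "$(sudo firewall-cmd --info-zone=public)" /etc/services
# To remove mdns: sudo firewall-cmd --permanent --zone=public --remove-service=mdns && sudo firewall-cmd --reload
```

/etc/services lists registered port assignments; `firewall-cmd --info-service=mdns` shows the ports firewalld itself opens for a service.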
