On Wednesday 10 November 2021 17:08:19 CET, Eric Garver wrote:
On Wed, Nov 10, 2021 at 04:45:52PM +0100, Freek de Kruijf wrote:
On Wednesday 10 November 2021 14:57:24 CET, Eric Garver wrote:
Are you sure the test traffic is ingressing the public zone? It should be received on eth0 based on the details you gave.
Can you answer this? I expect your test traffic is originating from a different zone. Your original email said you're also using the "internal" zone.
In that case, you need to also open the ports in the internal zone. In firewalld, packets ingress one and only one zone.
I have the interface in the public zone and I have the source 192.168.178.0/24 in the internal zone. My understanding is that all packets coming in on the interface without a source address mentioned in the internal zone enter the public zone. So these last packets should be processed by the rules in that public zone, which apparently does not happen, at least not the ones that finally get rejected.
Currently I don't have processes listening on the ports that are allowed, so I can't say they enter a process. I will look at that later.
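The zone dispatch discussed in this thread, as an added example that is not part of the original messages: a small Python model in which source bindings are checked before interface bindings and each packet is handled by exactly one zone. The zone layout mirrors the thread (eth0 in public, 192.168.178.0/24 in internal); the open port, the test addresses and the function names are constructed assumptions, and overlapping source bindings are not modelled.

```python
import copy
import ipaddress

# Constructed configuration mirroring the thread. The open port is an assumption.
ZONES = {
    "public": {"interfaces": {"eth0"}, "sources": [], "ports": {("tcp", 8080)}},
    "internal": {"interfaces": set(), "sources": ["192.168.178.0/24"], "ports": set()},
}
DEFAULT_ZONE = "public"


def select_zone(src_ip, in_iface, zones=ZONES, default=DEFAULT_ZONE):
    """Return the single zone a packet ingresses."""
    addr = ipaddress.ip_address(src_ip)
    # 1. Source bindings take precedence over interface bindings.
    for name, zone in zones.items():
        if any(addr in ipaddress.ip_network(cidr) for cidr in zone["sources"]):
            return name
    # 2. Otherwise the zone bound to the ingress interface.
    for name, zone in zones.items():
        if in_iface in zone["interfaces"]:
            return name
    # 3. Otherwise the default zone.
    return default


def verdict(src_ip, in_iface, proto, port, zones=ZONES):
    """Evaluate a packet against the ports of its one ingress zone only."""
    zone = select_zone(src_ip, in_iface, zones)
    allowed = (proto, port) in zones[zone]["ports"]
    return zone, "accept" if allowed else "reject"


def with_port(zones, zone, proto, port):
    """Return a copy of the configuration with one more port opened in a zone."""
    updated = copy.deepcopy(zones)
    updated[zone]["ports"].add((proto, port))
    return updated


if __name__ == "__main__":
    # A LAN test host arrives on eth0 but is claimed by the source binding.
    print(verdict("192.168.178.20", "eth0", "tcp", 8080))
    # An outside host (documentation address) falls through to the interface zone.
    print(verdict("203.0.113.7", "eth0", "tcp", 8080))
    # Opening the port in internal changes the result for the LAN host.
    print(verdict("192.168.178.20", "eth0", "tcp", 8080,
                  with_port(ZONES, "internal", "tcp", 8080)))
```

On a live system, `firewall-cmd --get-active-zones` shows which interfaces and sources are bound to each zone.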