On Saturday, 11 December 2021 11:45:22 CET, Andrew Moore wrote:
> > I have the interface in the public zone and I have the source 192.168.178.0/24
> > in the internal zone. My understanding is that all packets coming in on the
> > interface without a source address mentioned in the internal zone enter the
> > public zone. So these last packets should be processed by the rules in that
> > public zone, which apparently does not happen, at least not the ones that
> > finally get rejected.
> Hi,
>
> I'm not a firewalld/nftables expert, but from your description, it seems
> that you want all TCP traffic addressed to a specified port range to be
> rejected and logged. If so, then rather than adding your rich rule(s) to the
> public zone, how about adding them to the internal zone, whose rules are
> evaluated prior to public's (according to the article:
> https://www.linuxjournal.com/content/understanding-firewalld-multi-zone-configurations)?
The problem of these messages not appearing in the log was caused by an issue in my router and not by the configuration of the firewall.

In the end I could skip the use of firewalld and use nftables directly.

I needed this for the honeypot software on https://github.com/DShield-ISC/dshield/ to adapt it for the change to nftables instead of iptables, which is declared obsolete.
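As an added illustration of the "use nftables directly" approach the thread ends on (this is example code written for this page, not the dshield project's ruleset or anything posted in the thread), the ruleset below reproduces the intent described above with plain nftables: hosts in 192.168.178.0/24 are trusted the way the firewalld internal zone was, and TCP connections from any other source to a port range are logged and rejected. The port range 1024-65535, the log prefix and the table and chain names are assumptions chosen for the example.

```nftables
#!/usr/sbin/nft -f
# Example ruleset (not from the dshield project): log and reject TCP to a
# port range from untrusted sources, trusting the local network instead.
flush ruleset

# Assumption: the trusted LAN from the thread (firewalld "internal" zone).
define lan = 192.168.178.0/24

# Assumption: the port range to reject and log; pick the real range here.
define watched_ports = { 1024-65535 }

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Loopback and already-established traffic are always allowed.
        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Equivalent of the firewalld internal zone: source-based trust.
        ip saddr $lan accept comment "trusted LAN"

        # Everything else is the equivalent of the public zone.
        # Log the rejected SYNs (rate-limited so a scan cannot flood the
        # kernel log), count them, and send a TCP reset.
        tcp dport $watched_ports ct state new limit rate 10/second \
            log prefix "NFT-REJECT " level info
        tcp dport $watched_ports counter reject with tcp reset

        # Keep management reachable from anywhere (adjust or remove).
        tcp dport 22 accept
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list ruleset`; the `counter` on the reject rule shows whether packets from outside the LAN actually reach it, and the logged lines (prefix `NFT-REJECT`) appear in `journalctl -k` or `dmesg`. If the counter stays at zero while the host is probed from the Internet, the packets are not arriving at the host at all, which is exactly the router-side cause found in this thread rather than a firewall rule problem.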