Hi,
I have these 2 zones defined in firewalld:
internal (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 192.168.0.105/32
services: cockpit ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
root@homeassistant:~# firewall-cmd --zone=home --list-all
home (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 192.168.0.0/24
services: home_assistant
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
However, when I SSH from the source 192.168.0.105, I see this in the log:
filter_IN_home_REJECT: IN=eth0 OUT= MAC=xxx SRC=192.168.0.105 DST=192.168.0.xxx LEN=60 TOS=0x08 PREC=0x40 TTL=64 ID=5279 DF PROTO=TCP SPT=52666 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
So it is blocked in the home zone.
But when I have sources, more specific rules (a single IP in the internal zone) take precedence over less specific ones (a range in home). Either that does not apply in this case (when evaluating zone priority), or I have something configured wrong somewhere.
Can someone experienced please explain this to me?
Thanks, j