On Wed, Jun 17, 2020 at 06:13:37AM +0800, Ed Greshko wrote:
On 2020-06-17 04:23, Eric Garver wrote:
> On Wed, Jun 17, 2020 at 03:34:32AM +0800, Ed Greshko wrote:
>> On 2020-06-17 03:23, Eric Garver wrote:
>>> If you've recently updated firewalld check for AllowZoneDrifting in
>>> /etc/firewalld/firewalld.conf.
>>>
>>> Based on the bits of info you gave above you may have been unknowingly
>>> making use of undesired behavior.
>>> See this blog post for further information:
>>>
>>>     https://firewalld.org/2020/01/allowzonedrifting
>>>
>>> Hope that helps.
>>
>> No difference when set to "yes". :-(
>
> Can you show your firewalld configuration?
>
>   # firewall-cmd --list-all-zones
>
> I wonder if you have port forwarding (e.g. 22 -> foo) on the firewalld node. That
> would hijack the SSH connection attempt.
>
Just for refresher....
[egreshko@meimei ~]$ sudo firewall-cmd --get-active-zones
libvirt
 interfaces: virbr0
public
 interfaces: enp2s0 wlp4s0
And then....
[egreshko@meimei ~]$ sudo firewall-cmd --list-all-zones
[..]
I didn't see anything odd in your configuration. Can you show the actual
rulesets?
i.e.
# nft list ruleset
and
# iptables-save