On 04/12/2020 12:59, home user wrote:
On 12/3/20 8:10 PM, Ed Greshko wrote:
>
> I believe the firewall on your system is already dropping all incoming connection requests.
>
> Provide the output of....
>
> sudo firewall-cmd --get-active-zones
>
> and then using the result from that command
>
> sudo firewall-cmd --info-zone=whatever-was returned.
>
-bash.1[~]: firewall-cmd --get-active-zones
libvirt
  interfaces: virbr0
public
  interfaces: eno1
-bash.2[~]: firewall-cmd --info-zone=libvirt
libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns ssh tftp
  ports:
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule priority="32767" reject
The virbr0 interface is the interface between your system and any qemu/kvm Virtual Machines you deploy. This is an "internal" interface not connected directly to the Internet.
-bash.3[~]: firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
-bash.4[~]:
eno1 is your Internet connection and is directly connected from your system to the Arris TM8222G modem. The only services which are allowed to make incoming connections are dhcpv6-client and mdns. All other incoming connection requests will be dropped by the firewall.

You most likely don't need mdns (Multicast DNS) and can delete that service. You *may* need dhcpv6-client to properly configure your IPv6 automatically when the system starts.
To address your other post containing all the Screen shots....
As already noted, this traffic is being seen at the interface before being acted upon by the firewall. So, all the screen shots show packets arriving on the interface but which will be dropped by the firewall. Thus, they are all irrelevant.

If you want to know more about the "services" shown in the screen shots, one way to do it is to look up the service in /etc/services.
[egreshko@meimei ~]$ grep tivoconnect /etc/services
tivoconnect     2190/tcp    # TiVoConnect Beacon
tivoconnect     2190/udp    # TiVoConnect Beacon
And then google the description, in this case "TiVoConnect Beacon". Learn, for example, from http://tivopod.sourceforge.net/tivoconnect.pdf and see that it is a broadcast protocol used by TiVo devices.
You may see some spikes in CPU usage if a flurry of connection requests arrives and the firewall goes through its process to drop them.
---
The key to getting good answers is to ask good questions.
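The reply above reads two firewalld zone dumps by hand and then looks a port up in /etc/services. The following script, added here as an illustration and not part of the thread or of firewalld, does the same two steps offline: it parses `firewall-cmd --info-zone` output into a structure, reports which services a zone admits on its interfaces (or that a zone with `target: ACCEPT` admits everything), and resolves each admitted service name against an /etc/services-style table. The zone text and the services excerpt are constructed sample input embedded in the script, shaped like the output shown in the thread; the function names are the script's own.

```python
"""Summarise inbound exposure from `firewall-cmd --info-zone` output.

Added example; the zone dumps and the /etc/services excerpt below are
constructed sample input modelled on the thread, not live system data.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: shape of `firewall-cmd --info-zone=public` in the thread.
PUBLIC_ZONE = """public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""

# Constructed sample: shape of `firewall-cmd --info-zone=libvirt` in the thread.
LIBVIRT_ZONE = """libvirt (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: virbr0
  sources:
  services: dhcp dhcpv6 dns ssh tftp
  ports:
  protocols: icmp ipv6-icmp
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule priority="32767" reject
"""

# Constructed excerpt in /etc/services format (name, port/proto, comment).
SERVICES_SNIPPET = """# constructed excerpt
ssh             22/tcp
domain          53/udp
dhcpv6-client   546/udp
mdns            5353/udp
tivoconnect     2190/tcp    # TiVoConnect Beacon
tivoconnect     2190/udp    # TiVoConnect Beacon
"""

SCALAR_KEYS = {"target", "icmp_block_inversion", "masquerade"}


def parse_zone(text: str) -> Dict[str, object]:
    """Turn one zone dump into a dict; list-valued keys become lists."""
    lines = text.strip().splitlines()
    head = re.match(r"(\S+)\s*(\(active\))?", lines[0])
    zone: Dict[str, object] = {"name": head.group(1), "active": bool(head.group(2)),
                               "rich_rules": []}
    for raw in lines[1:]:
        line = raw.strip()
        if line.startswith("rule "):            # rich rules follow the "rich rules:" header
            zone["rich_rules"].append(line)
            continue
        key, _, value = line.partition(":")
        key = key.strip().replace("-", "_").replace(" ", "_")
        zone[key] = value.strip() if key in SCALAR_KEYS else value.split()
    return zone


def parse_services(text: str) -> Dict[str, List[str]]:
    """Map service name -> ["port/proto", ...] from /etc/services-style text."""
    db: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        parts = line.split()
        if len(parts) >= 2 and "/" in parts[1]:
            db.setdefault(parts[0], []).append(parts[1])
    return db


def allowed_inbound(zone: Dict[str, object]) -> Optional[List[str]]:
    """Names/ports the zone admits; None means everything (target ACCEPT)."""
    if zone["target"] == "ACCEPT":
        return None
    return sorted(set(zone["services"]) | set(zone["ports"]))


def exposure_report(zone_text: str, services_text: str) -> Dict[str, object]:
    """Per-zone summary: interfaces and each admitted service with its ports."""
    zone = parse_zone(zone_text)
    db = parse_services(services_text)
    allowed = allowed_inbound(zone)
    return {
        "zone": zone["name"],
        "interfaces": zone["interfaces"],
        "accepts_everything": allowed is None,
        "allowed": {} if allowed is None else {s: db.get(s, ["?"]) for s in allowed},
    }


if __name__ == "__main__":
    for dump in (PUBLIC_ZONE, LIBVIRT_ZONE):
        print(exposure_report(dump, SERVICES_SNIPPET))
```

On a real host the same functions can be fed `subprocess.check_output(["firewall-cmd", "--info-zone", "public"])` and the contents of `/etc/services`; a service that shows up in the report for the internet-facing zone but is not needed is the one to remove, as the reply suggests for mdns.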