Firewall rules

Hello, I have a question about the firewall.
When I go to settings->wifi and internet->firewall there are 4 rules in it. I delete them and everything works correctly. But after reboot, those rules are back. I tried this a few times and the rules are coming back every time. Is it correct? How can I delete them? Of course I save changes.

Please always include the output of your garuda-inxi, as required by the topic template.
Assuming you’re using firewalld, maybe you could try this (and give a look at the article in general, if not working):

6 Likes

Hi. If you do that with firewalld-gui and it looks like so, do keep in mind there are 2 configuration modes: permanent and runtime.
If you change configuration in runtime mode, it will be applied only to the current session.
To change it permanently, you need to do the change in permanent mode.

5 Likes

Yes, that fits, in the GUI, with that suggestion in the Arch wiki.

```
# firewall-cmd --runtime-to-permanent
```

3 Likes
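
The replies above separate firewalld's runtime configuration from its permanent one; a change made only in runtime mode does not survive a reboot. As an added example (not part of the thread and not firewalld's own code), this script lists the services that differ between the two; the function names `only_in`, `drift` and `audit_zone`, the zone name in the comments and the sample service lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which firewalld services exist only in the runtime
# configuration and which exist only in the permanent one.

# only_in A B: print each word of list A that is missing from list B.
only_in() {
    have=" $(echo $2) "            # normalise whitespace for matching
    for svc in $1; do
        case "$have" in
            *" $svc "*) ;;          # present in both lists
            *) printf '%s\n' "$svc" ;;
        esac
    done
}

# drift RUNTIME PERMANENT: both arguments are space-separated service lists.
drift() {
    # runtime-only entries vanish at the next reload or reboot
    only_in "$1" "$2" | sed 's/^/runtime-only: /'
    # permanent-only entries come back at the next reload or reboot
    only_in "$2" "$1" | sed 's/^/permanent-only: /'
}

# audit_zone [ZONE]: compare the live firewall (needs firewalld running).
audit_zone() {
    zone=${1:-$(firewall-cmd --get-default-zone)}
    drift "$(firewall-cmd --zone="$zone" --list-services)" \
          "$(firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: four services were removed in runtime mode only,
# so the runtime list is empty while the permanent list still has them.
drift "" "ssh dhcpv6-client mdns samba-client"

# To make a removal survive a reboot, change the permanent configuration
# (zone "home" is an assumed example):
#   firewall-cmd --permanent --zone=home --remove-service=ssh
#   firewall-cmd --reload
# or copy the current runtime state over it:
#   firewall-cmd --runtime-to-permanent
```

On a machine running firewalld, call `audit_zone` with a zone name (or no argument for the default zone) to run the same comparison against the live configuration.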

Thank you, I will check the permanent mode. Anyway, are the default settings safe? They look to allow any connections from any IP on all ports. When I delete those rules everything is still working fine.

The default firewalld configuration blocks all incoming traffic and allows all outgoing traffic. For typical desktop usage, this is probably what you want (you may not need to change anything).

If you want this machine to accept incoming traffic for some reason (for example, you need to be able to SSH into it, or you want to add a network printer using MDNS), opening additional ports is as simple as adding the needed service to the appropriate firewall zone.

This article is from another distro’s wiki, but is just as relevant here. It explains how to get started with firewalld in a simple, easy-to-understand way:

7 Likes

I’m curious whether this is correct. I allow incoming connections.

The use of port 0 is unusual and might not be what you want. Typically, SSH runs on port 22, and DHCPv6 uses UDP ports 546 (client) and 547 (server), not TCP.

If you are using firewalld, you should be able to just add the services you need to the zone you are using.

3 Likes

Can I delete those rules and leave it empty? I did it in runtime mode and everything still worked, so maybe it would be safer to clear those rules?

It is unlikely you will have any traffic that those rules would apply to, due to port 0 being specified like that. So yes, deleting those rules should have no effect.

Outgoing traffic should be allowed by default. So for example, you would not need to add a new rule for your computer to be able to request an IP address from your LAN’s DHCP server. Similarly, you would not need to add a new rule if you want to connect to another device with SSH (from your computer).

Incoming traffic should be blocked by default. So for example, if you are trying to SSH into your computer (from another device), you would need to enable the service for that in the firewall. Or if you are trying to use your computer as the DHCP server, you would need to open up the appropriate port to allow it to receive DHCP requests from clients on the LAN.

2 Likes

I found out what’s going on. Those rules appear because I set home area in my internet :sweat_smile:
