1. Forum
  2. Usenet
  3. UK.COMP.OS.LINUX

  • odd firewall behaviour

    From Andy Burns@21:1/5 to All on Mon Aug 29 19:01:07 2022
    I use Fedora, currently F36 but the installation has rolled-over numerous versions.

    fedora uses firewalld and I configure it using firewall-config GUI

    I've got my interfaces, zones, ports etc configured as I want, and runtime settings saved to permanent settings, it all works as I want provided I'm logged
    in on the console.

    However at any time I'm not logged in on the graphical console, the firewall goes into "block everything" mode, this is rather annoying after a reboot.

    I can't see any sign of other users having a similar issue, it didn't used to be
    like this until three or four releases ago, the firewall would start-up as expected with allowed ports working after a reboot.

    Any suggestions why?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Burns@21:1/5 to Andy Burns on Mon Aug 29 19:52:25 2022
    Andy Burns wrote:

    it all works as I want provided I'm logged in on the console.

    Actually it all works, as log as I'm either logged in on the console, or via ssh, but as soon as all logins are closed it goes into "blocking" mode.

    So after reboot, I can login on console, that enables me to login via ssh, if I logout the console the ssh connection continues, and e.g pings to the machine continue to work, as soon as I close the ssh session, the pings stop, and I can't re-connect over ssh until I re-login on the console ...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From #Paul@21:1/5 to Andy Burns on Sat Sep 3 22:20:07 2022
    Andy Burns <usenet@andyburns.uk> wrote:
    Actually it all works, as log as I'm either logged in on the console, or via ssh, but as soon as all logins are closed it goes into "blocking" mode.

    Arguably that might be sensible behaviour for an end-user computer that
    isn't being expected to run any persistent services; i.e. unless a user
    is present, make sure the computer is safe. Is there perhaps some kind
    of setting or config option to change into "server" mode or similar?

    #Paul

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Burns@21:1/5 to All on Mon Sep 5 09:51:49 2022
    #Paul wrote:

    Andy Burns wrote:

    Actually it all works, as log as I'm either logged in on the console, or via >> ssh, but as soon as all logins are closed it goes into "blocking" mode.

    Arguably that might be sensible behaviour for an end-user computer that
    isn't being expected to run any persistent services; i.e. unless a user
    is present, make sure the computer is safe.

    Well, I had wondered that, since I am running Fedora "Workstation" Edition, but can't find any documentation to that effect, systemd doesn't seem to be starting/stopping firewalld.service at each login/logout event

    Is there perhaps some kind
    of setting or config option to change into "server" mode or similar?

    not found one ...

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)