Hi everybody, I recently installed openSUSE Leap, but I have trouble working with firewalld.
The goal is to accept incoming ssh and vnc connections from two IPs exclusively, but it just doesn't work.
I removed all interfaces from zone public, set the internal zone up so that it has only the two IPs as sources and only the ssh and vnc services, but I still get asked for a password when I try to ssh into the machine from an IP that is not listed.
Any hints?
Edit:
Even with this configuration here, incoming ssh connections from an unlisted address still ask for a password:
    firewall-cmd --get-active-zones
    docker
      interfaces: docker0
    drop
      interfaces: eth0 br0
    internal
      sources: 192.168.0.3/24 192.168.0.2/24
I think the problem is that you're adding a subnet mask (/24) to your IPs. They should either be bare or have a /32 mask. The /24 mask is allowing the whole 192.168.0.1-254 address range.
Thank you so much, removing the subnet part actually fixed it!!
I thought I'd have to be more specific than just the IP, but listing them bare is apparently how you do it.
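The /24 behaviour described in the answer can be checked offline before touching the firewall. The following is an added example, not code from any poster in this thread: it parses `firewall-cmd --get-active-zones` output (the sample is the listing from the post, embedded as constructed input) and flags source entries whose mask covers more than the host that was written. The function names are hypothetical, and it assumes sources are matched as whole networks, as the answer states.

```python
import ipaddress

# Constructed sample: the active-zones listing quoted in the thread.
SAMPLE = """\
docker
  interfaces: docker0
drop
  interfaces: eth0 br0
internal
  sources: 192.168.0.3/24 192.168.0.2/24
"""

def parse_active_zones(text):
    """Return {zone: {"interfaces": [...], "sources": [...]}}; indentation is optional."""
    zones, current = {}, None
    for line in text.splitlines():
        key, sep, rest = line.strip().partition(":")
        if sep and current and key in ("interfaces", "sources"):
            zones[current][key] = rest.split()
        elif key:
            current = key
            zones[current] = {"interfaces": [], "sources": []}
    return zones

def _network(src):
    """Network a source entry covers, or None for non-IP sources (MAC, ipset:)."""
    try:
        return ipaddress.ip_interface(src).network
    except ValueError:
        return None

def audit_sources(zones):
    """List (zone, entry, effective network, single-host form) for over-broad entries."""
    findings = []
    for zone, cfg in zones.items():
        for src in cfg["sources"]:
            net = _network(src)
            if net is None or net.num_addresses == 1:
                continue
            ip = ipaddress.ip_interface(src).ip
            if ip != net.network_address:  # host bits set: a host was meant, a net was given
                findings.append((zone, src, str(net), f"{ip}/{ip.max_prefixlen}"))
    return findings

def matching_zones(zones, client):
    """Zones whose source list covers the given client address."""
    addr = ipaddress.ip_address(client)
    return [z for z, cfg in zones.items()
            if any((n := _network(s)) is not None and addr in n for s in cfg["sources"])]
```

With the listing from the post, an unlisted client such as 192.168.0.77 still lands in the internal zone; with the bare addresses it no longer does.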