What incoming TCP and UDP connections are permitted by the default firewall policy of Fedora Workstation and Fedora Server?
I am interested in the current version, Fedora 28.
Best Answer
Look at the default zone definitions in /usr/lib/firewalld/zones/, and cross-reference them against /usr/lib/firewalld/services/.
FedoraWorkstation.xml
FedoraServer.xml
("cockpit" is implemented as a web server running on TCP port 9090. It uses HTTPS and password authentication. There is an alternative option to use SSH and SSH key authentication as well).
Does it allow MDNS / avahi?
This is slightly confusing when you look at the package. The package includes a patch to enable MDNS by default, but it does not touch either of these files. Nevertheless, MDNS will be allowed on Fedora Workstation. The standard MDNS port is 5353, which is in the "high ports" that Fedora Workstation allows (1025-65535).
The MDNS patch pre-dates FedoraWorkstation.xml and FedoraServer.xml in Fedora 21 (2014-12-09). This was the first release of Fedora to be split into Workstation and Server editions. In Fedora 20, the default zone definition was public.xml and it allowed MDNS.
Fedora 21 and its Workstation firewall -- LWN.net, 2014-12-17
https://src.fedoraproject.org/rpms/firewalld/tree/f28
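The cross-referencing described in the answer above can be scripted. This is an added example, not part of the original answer or of firewalld: it expands a zone's <service> references into port ranges and reports which rule admits a given port, which shows why 5353/udp is open without any mdns entry. The sample XML is constructed in firewalld's zone/service format and is not the content of the files Fedora ships; only <port> elements are handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample data in firewalld's XML format; NOT the files Fedora ships.
SAMPLE_ZONE = """<zone>
  <short>Sample Workstation</short>
  <service name="ssh"/>
  <port protocol="udp" port="1025-65535"/>
  <port protocol="tcp" port="1025-65535"/>
</zone>"""
SAMPLE_SERVICES = {
    "ssh": '<service><short>SSH</short><port protocol="tcp" port="22"/></service>',
}


def _ports(element, origin):
    """Yield (protocol, low, high, origin) for each <port> child of element."""
    for p in element.findall("port"):
        low, _, high = p.get("port").partition("-")
        yield (p.get("protocol"), int(low), int(high or low), origin)


def resolve_zone(zone_xml, load_service):
    """Expand a zone into the port ranges it opens, following <service> names.

    load_service(name) must return the XML text of that service definition,
    e.g. the contents of /usr/lib/firewalld/services/<name>.xml.
    """
    zone = ET.fromstring(zone_xml)
    rules = list(_ports(zone, "zone <port>"))
    for svc in zone.findall("service"):
        name = svc.get("name")
        rules.extend(_ports(ET.fromstring(load_service(name)), "service " + name))
    return sorted(rules)


def why_allowed(rules, protocol, port):
    """Return the origin of every rule admitting protocol/port (empty = not opened)."""
    return [o for proto, lo, hi, o in rules if proto == protocol and lo <= port <= hi]


if __name__ == "__main__":
    rules = resolve_zone(SAMPLE_ZONE, SAMPLE_SERVICES.__getitem__)
    for proto, lo, hi, origin in rules:
        print(f"{proto:4} {lo}-{hi}  ({origin})")
    # MDNS is not listed as a service, yet the high-port range covers it.
    print("5353/udp allowed by:", why_allowed(rules, "udp", 5353))
```

To audit an installed system, pass the text of the zone file and a loader that reads the matching file from /usr/lib/firewalld/services/.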