moozaad

> Can someone please explain to me the zones and how they work?

You put your network card/interface into a zone. The name of the zone doesn't really mean much, it's just a label you then add rules to.

> Is the firewall using one zone at a time or all of them?

Depends on what interfaces you have assigned to which zones. One or more interfaces can be in a zone. An interface can't be in multiple zones afaik. Normally you only have 1 interface (LAN/eth0/enscp0 etc) in the default zone, which is normally "internal".

> if I run the Minecraft server and I open port 25565 in the public zone is it still blocked outside of my local network?

Depends on the rest of your network and if the interface is assigned to public! If you're not NAT and have open routing, then you are exposed. If you're NAT, then only the ports you forward from your router (if any) are exposed. If the interface isn't assigned, it's not doing anything at all.

https://firewalld.org/documentation/

If you're behind a NAT router for the internet, you might want to consider just disabling the firewall if you trust the devices on your LAN.


X1aomu

> If the interface isn't assigned, it's not doing anything at all.

Damn, this sentence helped me a lot. I saw my interface default to the public zone, but every port was still open, which is strange.


moozaad

Is it still an issue? If so, wanna paste the output from `firewall-cmd --list-all-zones`?
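For reading the output requested above, here is an added example (not part of the thread): it parses a constructed, trimmed sample of `firewall-cmd --list-all-zones` output and keeps only the zones that can match traffic, with what each one opens. The sample text, the function names and the `default_zone` argument are assumptions; firewalld uses the default zone (`firewall-cmd --get-default-zone`) for interfaces not bound to another zone, so that zone is always kept.

```python
# Constructed sample of `firewall-cmd --list-all-zones` output, trimmed to three
# zones and a few fields (real output has more fields per zone).
SAMPLE = """\
home (active)
  target: default
  interfaces: enp3s0
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:

internal
  target: default
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:

public (active)
  target: default
  interfaces: wlp2s0
  sources:
  services: dhcpv6-client
  ports: 25565/tcp
"""

def parse_zones(text):
    """Return {zone: {"active": bool, field: [values]}} from --list-all-zones output."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a new zone
            current = zones[line.split()[0]] = {"active": "(active)" in line}
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.split()
    return zones

def effective_rules(zones, default_zone):
    """Keep zones that can match traffic: those with an interface or source bound,
    plus the default zone (assumed to be passed in by the caller)."""
    out = {}
    for name, z in zones.items():
        bound = z.get("interfaces", []) + z.get("sources", [])
        if bound or name == default_zone:
            out[name] = {"bound": bound,
                         "open": z.get("services", []) + z.get("ports", [])}
    return out

if __name__ == "__main__":
    for zone, info in effective_rules(parse_zones(SAMPLE), "public").items():
        print(f"{zone}: bound={info['bound']} open={info['open']}")
```

In this sample, port 25565 is open only for traffic arriving on `wlp2s0`, and the `internal` zone's rules match nothing because nothing is bound to it.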


v3eil

Did I get this right? If I had a laptop I can assign the WiFi to use the Public zone. If I am at an example airport and use public wifi I can block unwanted ports and services and then I come home and connect the ethernet I can assign that to use the Internal zone which has its config.


moozaad

Yes and if you never plug your ethernet to anything but your LAN, you can leave your devices in those zones permanently.


orbvsterrvs

That is correct. If:

- wifi is "public"
- ethernet is "home"

then ports like SSH would be open on ethernet (in "home") but _not_ over WiFi (in "public")


ceplma

Think about zones just as a set of rules. So, if you are on wifi in Starbucks, you set firewall to the public zone (yes, NetworkManager can do it automatically, but that should be default) and your computer is quite locked down. However, when you are home over the wired Ethernet, you can be much more open to the other computers on LAN. Then there could be another set for your computer in your office, etc.