Firewalld - multiple services / sources?
Post 302999341 by hergp on Saturday 17th of June 2017 05:42:53 PM
Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test
Code:
firewall-cmd --permanent --new-zone=test

This new zone shall be effective for sources in the 10.100.250.0/24 address range
Code:
firewall-cmd --permanent --zone=test --add-source=10.100.250.0/24

Now we add ports 22 (represented by the predefined service ssh) and 8080 to the zone
Code:
firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="10.100.250.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with
Code:
firewall-cmd --reload

Good documentation of firewalld can be found here: Firewalld - FedoraProject
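
The zone file from the post above, read back and checked against sample connection attempts; this is an added example, not part of the original post or of firewalld. The `SERVICE_PORTS` table holds only the ssh = port 22 mapping the post states, and the function names and result labels are hypothetical. It inspects this one zone and does not model what firewalld does with traffic the zone does not match.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the test.xml content shown in the post.
TEST_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="10.100.250.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>
"""

# Assumption: only the mapping stated in the post (ssh = port 22, TCP).
SERVICE_PORTS = {"ssh": [("tcp", 22)]}


def parse_zone(xml_text):
    """Extract source networks and opened (protocol, low, high) port ranges."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    sources = [ipaddress.ip_network(s.get("address"), strict=False)
               for s in root.findall("source") if s.get("address")]
    opened, unknown = [], []
    for svc in root.findall("service"):
        name = svc.get("name")
        if name in SERVICE_PORTS:
            opened += [(proto, port, port) for proto, port in SERVICE_PORTS[name]]
        else:
            unknown.append(name)  # needs its service definition to resolve
    for p in root.findall("port"):
        low, _, high = p.get("port").partition("-")  # "8080" or "8000-8010"
        opened.append((p.get("protocol"), int(low), int(high or low)))
    return {"sources": sources, "opened": opened, "unknown_services": unknown}


def check(zone, client_ip, protocol, port):
    """Classify one connection attempt against a single source-bound zone."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in zone["sources"]):
        return "zone-not-selected"  # client is outside every <source> entry
    for proto, low, high in zone["opened"]:
        if proto == protocol and low <= port <= high:
            return "opened"
    return "not-opened-by-zone"


if __name__ == "__main__":
    zone = parse_zone(TEST_ZONE_XML)
    for attempt in [("10.100.250.17", "tcp", 22), ("10.100.251.1", "tcp", 8080)]:
        print(attempt, "->", check(zone, *attempt))
```
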