
Firewalld - multiple services / sources?

jnojr (Registered User, San Diego, CA) wrote, 1 Week Ago:

If you have a system with one network interface, and you want to allow ssh from some addresses, freeipa-ldap from others, and https (which is part of freeipa-ldap) from another one; and you do not want to have a sea of rich rules... how do you do that?

I can't tell if firewalld is just really poorly documented or very limited. I am sorely tempted to disable it and just use good ol' iptables, but I don't like the kneejerk "Just disable it!" attitude, partly because one day there'll be something that you have to do "the new way", and you'll be far behind the curve.
Neo (Forum Staff) replied, 1 Week Ago:
Did you look into easy to use utilities like iptables?
hergp (Forum Advisor, Problem Eliminator, Vienna, Austria) replied, 6 Days Ago:
Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test

firewall-cmd --permanent --new-zone=test

This new zone shall be effective for sources in the address range

firewall-cmd --permanent --zone=test --add-source=

Now we add ports 22 (represented by the predefined service ssh) and 8080 to the zone

firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address=""/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with

firewall-cmd --reload

Good documentation of firewalld can be found here: Firewalld - FedoraProject
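As an added example (not part of hergp's post or of firewalld itself), here is the same zone approach applied to the three trust classes in the original question: one zone per source set, each carrying only the service that set is allowed. The script does not call firewall-cmd; it prints the firewall-cmd lines and the equivalent /etc/firewalld/zones/NAME.xml so they can be reviewed first. The zone names and the address ranges (RFC 5737 documentation networks) are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Builds one firewalld zone per trust
# class; output is printed, nothing is applied to the running firewall.

# zone_cmds NAME "SOURCES" "SERVICES": the permanent-config commands that
# create zone NAME, bind its sources and open its services.
zone_cmds() {
    name=$1; sources=$2; services=$3
    echo "firewall-cmd --permanent --new-zone=$name"
    for s in $sources; do
        echo "firewall-cmd --permanent --zone=$name --add-source=$s"
    done
    for svc in $services; do
        echo "firewall-cmd --permanent --zone=$name --add-service=$svc"
    done
}

# zone_xml NAME "SOURCES" "SERVICES": what /etc/firewalld/zones/NAME.xml
# looks like once the commands above have run.
zone_xml() {
    name=$1; sources=$2; services=$3
    echo '<?xml version="1.0" encoding="utf-8"?>'
    echo '<zone>'
    echo "  <short>$name</short>"
    for s in $sources; do
        echo "  <source address=\"$s\"/>"
    done
    for svc in $services; do
        echo "  <service name=\"$svc\"/>"
    done
    echo '</zone>'
}

# Constructed sample ranges (RFC 5737 documentation space), not real hosts.
ADMIN_NETS="192.0.2.0/24"                      # ssh only
IPA_CLIENTS="198.51.100.0/24 198.51.100.200"   # freeipa-ldap (includes https)
WEB_ONLY="203.0.113.7"                         # https only

zone_cmds admins     "$ADMIN_NETS"  "ssh"
zone_cmds ipaclients "$IPA_CLIENTS" "freeipa-ldap"
zone_cmds webonly    "$WEB_ONLY"    "https"
echo "firewall-cmd --reload"   # permanent changes take effect only after this
```

firewalld binds a given source address to a single zone, so keep the three ranges disjoint; packets from any other address fall through to the zone bound to the interface (the default zone), which is where the "everyone else" policy lives.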