
Firewalld - multiple services / sources?

#1  06-16-2017
jnojr
Registered User
 
Join Date: Feb 2012
Last Activity: 8 August 2017, 2:15 PM EDT
Location: San Diego, CA
Posts: 76
Thanks: 3
Thanked 2 Times in 2 Posts
Firewalld - multiple services / sources?

If you have a system with one network interface, and you want to allow ssh from some addresses, freeipa-ldap from others, and https (which is part of freeipa-ldap) from another one; and you do not want to have a sea of rich rules... how do you do that?

I can't tell if firewalld is just really poorly documented or very limited. I am sorely tempted to disable it and just use good ol' iptables, but I don't like the kneejerk "Just disable it!" attitude, partly because one day there'll be something that you have to do "the new way", and you'll be far behind the curve.
#2  06-17-2017
Neo (Forum Staff)
Administrator
 
Join Date: Sep 2000
Last Activity: 25 September 2017, 9:02 AM EDT
Location: Asia pacific region
Posts: 13,635
Thanks: 868
Thanked 1,175 Times in 549 Posts
Did you look into easy to use utilities like iptables?
#3  06-17-2017
hergp (Forum Advisor)
Problem Eliminator
 
Join Date: Jan 2010
Last Activity: 21 September 2017, 2:35 PM EDT
Location: Vienna, Austria
Posts: 853
Thanks: 32
Thanked 195 Times in 174 Posts
Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test:

Code:
firewall-cmd --permanent --new-zone=test

This new zone shall be effective for sources in the 10.100.250.0/24 address range:

Code:
firewall-cmd --permanent --zone=test --add-source=10.100.250.0/24

Now we add port 22 (represented by the predefined service ssh) and port 8080 to the zone:

Code:
firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml:

Code:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="10.100.250.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with:

Code:
firewall-cmd --reload

Good documentation of firewalld can be found here: Firewalld - FedoraProject
The Following User Says Thank You to hergp For This Useful Post:
MadeInGermany (06-18-2017)
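The zone-per-source-group approach above, carried through for the three groups in the original question (ssh from one set of addresses, freeipa-ldap from another, https from a third). This is an added example and not hergp's or the firewalld project's code; the zone names (admins, ipa-clients, web-client), the address ranges and the output directory are constructed for illustration. Because firewall-cmd needs a running firewalld, the script renders the same zone XML that `firewall-cmd --permanent` writes under /etc/firewalld/zones/ into a scratch directory, and prints the equivalent command sequence, so it can be run and inspected offline. Two points it adds that the thread does not spell out: firewalld binds a source to exactly one zone (a second `--add-source` of the same block fails with a zone conflict), and any address that matches no zone's source list still falls into the default zone, which on RHEL is `public` and allows ssh by default, so ssh must also be removed there if it is meant to be reachable only from the admin range.

```shell
#!/bin/sh
# Added example (not from the thread). Zone names, CIDRs and OUTDIR are assumptions.
# Real zone files live in /etc/firewalld/zones/; firewall-cmd --permanent edits them.

OUTDIR="${OUTDIR:-$(mktemp -d)}"

# write_zone NAME "SOURCES" "SERVICES" "PORTS"
# Lists are space-separated; PORTS entries look like 8080/tcp.
# Renders the same XML layout as the test.xml shown in the thread and prints the path.
write_zone() {
    name=$1; sources=$2; services=$3; ports=$4
    f="$OUTDIR/$name.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n<zone>\n'
        for s in $sources;  do printf '  <source address="%s"/>\n' "$s"; done
        for s in $services; do printf '  <service name="%s"/>\n' "$s"; done
        for p in $ports; do
            printf '  <port protocol="%s" port="%s"/>\n' "${p#*/}" "${p%/*}"
        done
        printf '</zone>\n'
    } > "$f"
    echo "$f"
}

# zone_cmds NAME "SOURCES" "SERVICES" "PORTS"
# The equivalent firewall-cmd sequence, one command per line, for review or copy/paste.
zone_cmds() {
    name=$1
    echo "firewall-cmd --permanent --new-zone=$name"
    for s in $2; do echo "firewall-cmd --permanent --zone=$name --add-source=$s"; done
    for s in $3; do echo "firewall-cmd --permanent --zone=$name --add-service=$s"; done
    for p in $4; do echo "firewall-cmd --permanent --zone=$name --add-port=$p"; done
}

# check_disjoint "CIDR ..."
# A source may belong to only one zone, so the same block must not be listed twice
# across the zone definitions. Catches exact duplicates only, not overlapping ranges.
check_disjoint() {
    printf '%s\n' $1 | sort | uniq -d | grep -q . && return 1
    return 0
}

# Constructed address ranges for the three groups in the question.
ADMIN_NET="10.100.250.0/24"
IPA_CLIENTS="10.100.10.0/24 10.100.11.0/24"
WEB_CLIENT="192.0.2.10/32"

main() {
    check_disjoint "$ADMIN_NET $IPA_CLIENTS $WEB_CLIENT" || { echo "source listed twice" >&2; exit 1; }
    write_zone admins      "$ADMIN_NET"   "ssh"          ""
    write_zone ipa-clients "$IPA_CLIENTS" "freeipa-ldap" ""
    write_zone web-client  "$WEB_CLIENT"  "https"        ""
    zone_cmds admins      "$ADMIN_NET"   "ssh"          ""
    zone_cmds ipa-clients "$IPA_CLIENTS" "freeipa-ldap" ""
    zone_cmds web-client  "$WEB_CLIENT"  "https"        ""
    # Addresses matching no zone source land in the default zone (public on RHEL),
    # which allows ssh by default; drop it there so ssh is only reachable from ADMIN_NET.
    echo "firewall-cmd --permanent --zone=public --remove-service=ssh"
    echo "firewall-cmd --reload"
}

main
```

After applying the printed commands on a real host, `firewall-cmd --get-active-zones` should list the three zones with their sources, and `firewall-cmd --zone=public --list-services` should no longer show ssh.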