Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Firewalld - multiple services / sources?
Operating Systems Linux Red Hat Firewalld - multiple services / sources? Post 302999341 by hergp on Saturday 17th of June 2017 05:42:53 PM
Old 06-17-2017
Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test
Code:
firewall-cmd --permanent --new-zone=test

This new zone shall be effective for source in the 10.100.250.0/24 address range
Code:
firewall-cmd --permanent --zone=test --add-source=10.100.250.0/24

Now we add ports 22 (represented by the predefined service ssh) and 8080 to the zone
Code:
firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="10.100.250.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with
Code:
firewall-cmd --reload

A good documentation of firewalld can be found here: Firewalld - FedoraProject
This User Gave Thanks to hergp For This Post:
MadeInGermany
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

unix sources

hello, i'm looking for the sources of the old, original unices (v3 preferred). could someone point a link? (2 Replies)
Discussion started by: fdarkangel
2 Replies

2. Linux

Kernel sources

I"m installing my ATI card in FC4. I'm going off of instructions that i've found. The firs step says that i need my kernel sources which i've got then it says that i've gotta unpack them so i can make links to the file later. My kernel sources that i've got are .src.rpm I've installed them but... (1 Reply)
Discussion started by: byblyk
1 Replies

3. News, Links, Events and Announcements

Are the UnixWare 7.1.1 sources available?

So, I was browsing groklaw.net, and I was surprised to read that Pamela Jones was reading the copyright notices in the UnixWare 7.1.1 source code files... Groklaw - Santa Cruz Listed Novell as Owning the Copyrights in 1999 How can that be? Are the UnixWare 7.1.1 sources available to the... (1 Reply)
Discussion started by: pepinox
1 Replies

4. UNIX for Dummies Questions & Answers

Question about I/O sources

Hi all, What is the difference between these two comands? sed s/a/b/ <f1 >f2 sed s/a/b/ f1 >f2 Best, santiagorf (3 Replies)
Discussion started by: santiagorf
3 Replies

5. Red Hat

Restart of services if port no is changed in /etc/services in RHEL

I had a doubt if any services need to be restarted if port no in /etc/services in an RHEL setup is changed. For eg, the port no of 443 for SSL may need to be changed. I hope my query is clear whether any services need to be restarted if port no in /etc/services is changed. Please revert with... (10 Replies)
Discussion started by: RHCE
10 Replies

6. Shell Programming and Scripting

Script to Start services based on dependent services on other AIX machine

Hi, I just started working on a script. After my research, i found a command which can help me: AIM: To build a script which starts the services (Services 1) on server 1 automatically whenever its down. And it has a dependency on other service (Service 2) on Server 2. So my script has to... (4 Replies)
Discussion started by: draghun9
4 Replies

7. SuSE

How to configure sntp client with multiple time sources?

Hi, What is the syntax to configure sntp client to have multiple time sources? I tried to use the below syntax, but when the src1 is not reachable, the sntp does not even try to sync to src2: # /usr/sbin/sntp -P no -r src1 src2 sntp: receive timed out after 3 seconds sntp: receive timed... (0 Replies)
Discussion started by: Juha
0 Replies

8. Programming

Can anyone provide some sources about bank IT

I am working in IT company working for banks.I find hardly to get technology about bank IT on the internet.Consider banks all using Unix, I think I can get some help here. Recommend some sits or books about bank IT will be very helpful!! (0 Replies)
Discussion started by: hhdzhu
0 Replies

9. Red Hat

Firewalld - source IP not working

New to firewalld, and having an issue trying to emulate my old iptable ruleset. Server has one network interface, which I usually only allow SSH in from certain IPs, I know I can do this with rich rules but have read that this is sub-optimal. So, I created a new zone, ABCinternal, added a... (8 Replies)
Discussion started by: fishface
8 Replies

LEARN ABOUT CENTOS

firewalld.zones

FIREWALLD.ZONES(5)						  firewalld.zones						FIREWALLD.ZONES(5)

NAME

       firewalld.zones - firewalld zones

DESCRIPTION

   What is a zone?
       A network zone defines the level of trust for network connections. This is a one to many relation, which means that a connection can only
       be part of one zone, but a zone can be used for many network connections.

       The zone defines the firewall features that are enabled in this zone:

       Predefined services
	   A service is a combination of port and/or protocol entries. Optionally netfilter helper modules can be added and also a IPv4 and IPv6
	   destination address.

       Ports and protocols
	   Definition of tcp or udp ports, where ports can be a single port or a port range.

       ICMP blocks
	   Blocks selected Internet Control Message Protocol (ICMP) messages. These messages are either information requests or created as a reply
	   to information requests or in error conditions.

       Masquerading
	   The addresses of a private network are mapped to and hidden behind a public IP address. This is a form of address translation.

       Forward ports
	   A forward port is either mapped to the same port on another host or to another port on the same host or to another port on another
	   host.

       Rich language rules
	   The rich language extends the elements (service, port, icmp-block, masquerade and forward-port) with additional source and destination
	   addresses, logging, actions and limits for logs and actions. It can also be used for host or network white and black listing (for more
	   information, please have a look at firewalld.richlanguage(5)).

       For more information on the zone file format, please have a look at firewalld.zone(5).

   Which zones are available?
       Here are the zones provided by firewalld sorted according to the default trust level of the zones from untrusted to trusted:

       drop
	   Any incoming network packets are dropped, there is no reply. Only outgoing network connections are possible.

       block
	   Any incoming network connections are rejected with an icmp-host-prohibited message for IPv4 and icmp6-adm-prohibited for IPv6. Only
	   network connections initiated within this system are possible.

       public
	   For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       external
	   For use on external networks with masquerading enabled especially for routers. You do not trust the other computers on networks to not
	   harm your computer. Only selected incoming connections are accepted.

       dmz
	   For computers in your demilitarized zone that are publicly-accessible with limited access to your internal network. Only selected
	   incoming connections are accepted.

       work
	   For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       home
	   For use in home areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections
	   are accepted.

       internal
	   For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming
	   connections are accepted.

       trusted
	   All network connections are accepted.

   Which zone should be used?
       A public WIFI network connection for example should be mainly untrusted, a wired home network connection should be fairly trusted. Select
       the zone that best matches the network you are using.

   How to configure or add zones?
       To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration: These are the
       graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-BUS interface. Or you can create or copy a zone
       file in one of the configuration directories.  /usr/lib/firewalld/zones is used for default and fallback configurations and
       /etc/firewalld/zones is used for user created and customized configuration files.

   How to set or change a zone for a connection?
       The zone is stored into the ifcfg of the connection with ZONE=option. If the option is missing or empty, the default zone set in firewalld
       is used.

       If the connection is controlled by NetworkManager, you can also use nm-connection-editor to change the zone.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 														FIREWALLD.ZONES(5)
All times are GMT -4. The time now is 12:58 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy