Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Firewalld - multiple services / sources?
Operating Systems Linux Red Hat Firewalld - multiple services / sources? Post 302999341 by hergp on Saturday 17th of June 2017 05:42:53 PM
Old 06-17-2017
Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test
Code:
firewall-cmd --permanent --new-zone=test

This new zone shall be effective for source in the 10.100.250.0/24 address range
Code:
firewall-cmd --permanent --zone=test --add-source=10.100.250.0/24

Now we add ports 22 (represented by the predefined service ssh) and 8080 to the zone
Code:
firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml
Code:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address="10.100.250.0/24"/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with
Code:
firewall-cmd --reload

A good documentation of firewalld can be found here: Firewalld - FedoraProject
This User Gave Thanks to hergp For This Post:
MadeInGermany
 

9 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

unix sources

hello, i'm looking for the sources of the old, original unices (v3 preferred). could someone point a link? (2 Replies)
Discussion started by: fdarkangel
2 Replies

2. Linux

Kernel sources

I"m installing my ATI card in FC4. I'm going off of instructions that i've found. The firs step says that i need my kernel sources which i've got then it says that i've gotta unpack them so i can make links to the file later. My kernel sources that i've got are .src.rpm I've installed them but... (1 Reply)
Discussion started by: byblyk
1 Replies

3. News, Links, Events and Announcements

Are the UnixWare 7.1.1 sources available?

So, I was browsing groklaw.net, and I was surprised to read that Pamela Jones was reading the copyright notices in the UnixWare 7.1.1 source code files... Groklaw - Santa Cruz Listed Novell as Owning the Copyrights in 1999 How can that be? Are the UnixWare 7.1.1 sources available to the... (1 Reply)
Discussion started by: pepinox
1 Replies

4. UNIX for Dummies Questions & Answers

Question about I/O sources

Hi all, What is the difference between these two comands? sed s/a/b/ <f1 >f2 sed s/a/b/ f1 >f2 Best, santiagorf (3 Replies)
Discussion started by: santiagorf
3 Replies

5. Red Hat

Restart of services if port no is changed in /etc/services in RHEL

I had a doubt if any services need to be restarted if port no in /etc/services in an RHEL setup is changed. For eg, the port no of 443 for SSL may need to be changed. I hope my query is clear whether any services need to be restarted if port no in /etc/services is changed. Please revert with... (10 Replies)
Discussion started by: RHCE
10 Replies

6. Shell Programming and Scripting

Script to Start services based on dependent services on other AIX machine

Hi, I just started working on a script. After my research, i found a command which can help me: AIM: To build a script which starts the services (Services 1) on server 1 automatically whenever its down. And it has a dependency on other service (Service 2) on Server 2. So my script has to... (4 Replies)
Discussion started by: draghun9
4 Replies

7. SuSE

How to configure sntp client with multiple time sources?

Hi, What is the syntax to configure sntp client to have multiple time sources? I tried to use the below syntax, but when the src1 is not reachable, the sntp does not even try to sync to src2: # /usr/sbin/sntp -P no -r src1 src2 sntp: receive timed out after 3 seconds sntp: receive timed... (0 Replies)
Discussion started by: Juha
0 Replies

8. Programming

Can anyone provide some sources about bank IT

I am working in IT company working for banks.I find hardly to get technology about bank IT on the internet.Consider banks all using Unix, I think I can get some help here. Recommend some sits or books about bank IT will be very helpful!! (0 Replies)
Discussion started by: hhdzhu
0 Replies

9. Red Hat

Firewalld - source IP not working

New to firewalld, and having an issue trying to emulate my old iptable ruleset. Server has one network interface, which I usually only allow SSH in from certain IPs, I know I can do this with rich rules but have read that this is sub-optimal. So, I created a new zone, ABCinternal, added a... (8 Replies)
Discussion started by: fishface
8 Replies

LEARN ABOUT CENTOS

firewalld.lockdown-whitelist

FIREWALLD.LOCKDOWN(5)					   firewalld.lockdown-whitelist 				     FIREWALLD.LOCKDOWN(5)

NAME

       firewalld.lockdown-whitelist - firewalld lockdown whitelist configuration file

SYNOPSIS

       /etc/firewalld/lockdown-whitelists.xml

DESCRIPTION

       The firewalld lockdown-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white-listed when
       firewalld lockdown feature is enabled (see firewalld.conf(5) and firewall-cmd(1)).

       This example configuration file shows the structure of an lockdown-whitelist file:

	   <?xml version="1.0" encoding="utf-8"?>
	   <whitelist>
	     <selinux context="selinuxcontext"/>
	     <command name="commandline[*]"/>
	     <user {name="username|id="userid"}/>
	   </whitelist>

OPTIONS

       The config can contain these tags and attributes. Some of them are mandatory, others optional.

   whitelist
       The mandatory whitelist start and end tag defines the lockdown-whitelist. This tag can only be used once in a lockdown-whitelist
       configuration file. There are no attributes for this.

   selinux
       Is an optional empty-element tag and can be used several times to have more than one selinux contexts entries. A selinux entry has exactly
       one attribute:

       context="string"
	   The context is the security (SELinux) context of a running application or service.

	   To get the context of a running application use ps -e --context and search for the application that should be white-listed.

	   Warning: If the context of an application is unconfined, then this will open access for more than the desired application.

   command
       Is an optional empty-element tag and can be used several times to have more than one command entry. A command entry has exactly one
       attribute:

       name="string"
	   The command string is a complete command line including path and also attributes.

	   If a command entry ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the
	   absolute command inclusive arguments must match.

	   Commands for user root and others is not always the same, the used path depends on the use of the PATH environment variable.

   user
       Is an optional empty-element tag and can be used several times to white-list more than one user. A user entry has exactly one attribute of
       these:

       name="string"
	   The user with the name string will be white-listed.

       id="integer"
	   The user with the id userid will be white-listed.

SEE ALSO

       firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
       firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
       firewalld.zones(5)

NOTES

       firewalld home page at fedorahosted.org:
	   http://fedorahosted.org/firewalld/

       More documentation with examples:
	   http://fedoraproject.org/wiki/FirewallD

AUTHORS

       Thomas Woerner <twoerner@redhat.com>
	   Developer

       Jiri Popelka <jpopelka@redhat.com>
	   Developer

firewalld 0.3.9 													     FIREWALLD.LOCKDOWN(5)
All times are GMT -4. The time now is 03:40 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy