Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Firewalld - source IP not working
Operating Systems Linux Red Hat Firewalld - source IP not working Post 303003725 by fishface on Tuesday 19th of September 2017 04:35:12 PM
Old 09-19-2017
I have added the interface, it's also in defined /etc/sysconfig/network-scripts/ifcfg-ens192, thinking that might be the issue but it made no difference.

Code:
firewall-cmd --get-active-zones
ABCinternal
  interfaces: ens192
  sources: 192.168.1.10 192.168.1.99

Code:
firewall-cmd --zone=ABCinternal --list-protocols
firewall-cmd --zone=public --list-protocols
firewall-cmd --zone=internal --list-protocols
firewall-cmd --zone=drop --list-protocols
firewall-cmd --zone=trusted --list-protocols
firewall-cmd --zone=dmz --list-protocols
firewall-cmd --zone=home --list-protocols
firewall-cmd --zone=work --list-protocols
firewall-cmd --zone=external --list-protocols

The above produced no output

Code:
firewall-cmd --zone=ABCinternal --list-services
ssh
firewall-cmd --zone=public --list-services
dhcpv6-client
firewall-cmd --zone=internal --list-services
ssh mdns samba-client dhcpv6-client
firewall-cmd --zone=drop --list-services
no output
firewall-cmd --zone=trusted --list-services
no output
firewall-cmd --zone=dmz --list-services
dmz
firewall-cmd --zone=home --list-services
ssh mdns samba-client dhcpv6-client
firewall-cmd --zone=work --list-services
ssh dhcpv6-client
firewall-cmd --zone=external --list-services
ssh

Also /etc/firewalld/zones only has 2 zones

ABCinternal.xml
ABCinternal.xml.old
public.xml
public.xml.old
 

8 More Discussions You Might Find Interesting

1. Solaris

GUI not working... CLI is working fine

Hello, I have X4500 running Solaris 10. I can access it through CLI but I cannot see the GUI. When I reboot it, the GUI works till all the files are loaded (ie., the initial boot sequence) and it prompts me to enter username and password and there it ends. The screen just has a blinking cursor... (4 Replies)
Discussion started by: bharu_sri
4 Replies

2. Shell Programming and Scripting

Script not working in cron but working fine manually

Help. My script is working fine when executed manually but the cron seems not to catch up the command when registered. The script is as follow: #!/bin/sh for file in file_1.txt file_2.txt file_3.txt do awk '{ print "0" }' $file > tmp.tmp mv tmp.tmp $file done And the cron... (2 Replies)
Discussion started by: jasperux
2 Replies

3. Red Hat

Os Open source dialer not working on Centos Asterisk platform

Hi We have one centos Server on Asterisk platform and using OS Open source dialer for dialing outbound connections.We are using eyebeam as a softphone for calling with Server ip 192.168.1.X.Today i found dialing issues with each client side phones.Not showing pause/resume button when browse... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

4. Red Hat

Nslookup working but ping not working at windows client

Hi Team we have created a DNS server at RHEL6.2 environment in 10.20.203.x/24 network. Everything is going well on linux client as nslookup, ping by host etc in entire subnet. We are getting problem in windows client as nslookup working as well but not ping. all the firewall is disabled and... (5 Replies)
Discussion started by: boby.kumar
5 Replies

5. Shell Programming and Scripting

Automating pbrun /bin/su not working, whenever manually it is working using putty

I am trying to automate a script where I need to use pbrun /bin/su but for some reason it is not passing thru the pbrun as my code below. . ~/.bash_profile pbrun /bin/su - content c h 1 hpsvn up file path I am executing this from an external .sh file that is pointing to this scripts file... (14 Replies)
Discussion started by: jorgejac
14 Replies

6. Red Hat

Firewalld - multiple services / sources?

If you have a system with one network interface, and you want to allow ssh from some addresses, freeipa-ldap from others, and https (which is part of freeipa-ldap) from another one; and you do not want to have a sea of rich rules... how do you do that? I can't tell if firewalld is just really... (2 Replies)
Discussion started by: jnojr
2 Replies

7. Shell Programming and Scripting

Working web service call not working with curl

Hello, Newbie here, I have a perfectly well working web service call I can issue from chrome (PC Windows 10) and get the results I want (a dimmer being turned on in Fibaro Home Center 2 at level 40) I am not allowed to post urls but the below works with http and :// and... (3 Replies)
Discussion started by: abigbear
3 Replies

8. Shell Programming and Scripting

Disk Space Utilization in HTML format working in one environment and not working on the other

Hi Team, I have written the shell script which returns the result of the disk space filesystems which has crossed the threshold limit in HTML Format. Below mentioned is the script which worked perfectly on QA system. df -h | awk -v host=`hostname` ' BEGIN { print "<table border="4"... (13 Replies)
Discussion started by: Harihsun
13 Replies

LEARN ABOUT DEBIAN

shorewall-hosts

SHOREWALL-HOSTS(5)						  [FIXME: manual]						SHOREWALL-HOSTS(5)

NAME

       hosts - Shorewall file

SYNOPSIS

       /etc/shorewall/hosts

DESCRIPTION

       This file is used to define zones in terms of subnets and/or individual IP addresses. Most simple setups don't need to (should not) place
       anything in this file.

       The order of entries in this file is not significant in determining zone composition. Rather, the order that the zones are declared in
       shorewall-zones[1](5) determines the order in which the records in this file are interpreted.

	   Warning
	   The only time that you need this file is when you have more than one zone connected through a single interface.

	   Warning
	   If you have an entry for a zone and interface in shorewall-interfaces[2](5) then do not include any entries in this file for that same
	   (zone, interface) pair.

       The columns in the file are as follows.

       ZONE - zone-name
	   The name of a zone declared in shorewall-zones[1](5). You may not list the firewall zone in this column.

       HOST(S) - interface:{[{address-or-range[,address-or-range]...|+ipset|dynamic}[exclusion]
	   The name of an interface defined in the shorewall-interfaces[2](5) file followed by a colon (":") and a comma-separated list whose
	   elements are either:

	    1. The IP address of a host.

	    2. A network in CIDR format.

	    3. An IP address range of the form low.address-high.address. Your kernel and iptables must have iprange match support.

	    4. The name of an ipset.

	    5. The word dynamic which makes the zone dynamic in that you can use the shorewall add and shorewall delete commands to change to
	       composition of the zone.

	   You may also exclude certain hosts through use of an exclusion (see shorewall-exclusion[3](5).

       OPTIONS (Optional) - [option[,option]...]
	   A comma-separated list of options from the following list. The order in which you list the options is not significant but the list must
	   have no embedded white space.

	   blacklist
	       Check packets arriving on this port against the shorewall-blacklist[4](5) file.

	   broadcast
	       Used when you want to include limited broadcasts (destination IP address 255.255.255.255) from the firewall to this zone. Only
	       necessary when:

		1. The network specified in the HOST(S) column does not include 255.255.255.255.

		2. The zone does not have an entry for this interface in shorewall-interfaces[2](5).

	   destonly
	       Normally used with the Multi-cast IP address range (224.0.0.0/4). Specifies that traffic will be sent to the specified net(s) but
	       that no traffic will be received from the net(s).

	   ipsec
	       The zone is accessed via a kernel 2.6 ipsec SA. Note that if the zone named in the ZONE column is specified as an IPSEC zone in the
	       shorewall-zones[1](5) file then you do NOT need to specify the 'ipsec' option here.

	   maclist
	       Connection requests from these hosts are compared against the contents of shorewall-maclist[5](5). If this option is specified, the
	       interface must be an ethernet NIC or equivalent and must be up before Shorewall is started.

	   mss=mss
	       Added in Shorewall 4.5.2. When present, causes the TCP mss for new connections to/from the hosts given in the HOST(S) column to be
	       clamped at the specified mss.

	   nosmurfs
	       This option only makes sense for ports on a bridge.

	       Filter packets for smurfs (packets with a broadcast address as the source).

	       Smurfs will be optionally logged based on the setting of SMURF_LOG_LEVEL in shorewall.conf[6](5). After logging, the packets are
	       dropped.

	   routeback
	       Shorewall should set up the infrastructure to pass packets from this/these address(es) back to themselves. This is necessary if
	       hosts in this group use the services of a transparent proxy that is a member of the group or if DNAT is used to send requests
	       originating from this group to a server in the group.

	   tcpflags
	       Packets arriving from these hosts are checked for certain illegal combinations of TCP flags. Packets found to have such a
	       combination of flags are handled according to the setting of TCP_FLAGS_DISPOSITION after having been logged according to the
	       setting of TCP_FLAGS_LOG_LEVEL.

EXAMPLES

       Example 1
	   The firewall runs a PPTP server which creates a ppp interface for each remote client. The clients are assigned IP addresses in the
	   network 192.168.3.0/24 and in a zone named 'vpn'.

	       #ZONE	   HOST(S)		 OPTIONS
	       vpn	   ppp+:192.168.3.0/24

FILES

       /etc/shorewall/hosts

SEE ALSO

       http://shorewall.net/configuration_file_basics.htm#Pairs

       shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall_interfaces(5), shorewall-ipsets(5),
       shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-nesting(5), shorewall-netmap(5), shorewall-params(5),
       shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
       shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
       shorewall-tunnels(5), shorewall-zones(5)

NOTES

	1. shorewall-zones
	   http://www.shorewall.net/manpages/shorewall-zones.html

	2. shorewall-interfaces
	   http://www.shorewall.net/manpages/shorewall-interfaces.html

	3. shorewall-exclusion
	   http://www.shorewall.net/manpages/shorewall-exclusion.html

	4. shorewall-blacklist
	   http://www.shorewall.net/manpages/shorewall-blacklist.html

	5. shorewall-maclist
	   http://www.shorewall.net/manpages/shorewall-maclist.html

	6. shorewall.conf
	   http://www.shorewall.net/manpages/shorewall.conf.html

[FIXME: source] 						    06/28/2012							SHOREWALL-HOSTS(5)
All times are GMT -4. The time now is 07:54 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy