Firewalld - multiple services / sources?

Posted 06-16-2017 by jnojr (Registered User, San Diego, CA):

If you have a system with one network interface, and you want to allow ssh from some addresses, freeipa-ldap from others, and https (which is part of freeipa-ldap) from another one; and you do not want to have a sea of rich rules... how do you do that?

I can't tell if firewalld is just really poorly documented or very limited. I am sorely tempted to disable it and just use good ol' iptables, but I don't like the kneejerk "Just disable it!" attitude, partly because one day there'll be something that you have to do "the new way", and you'll be far behind the curve.

Posted 06-17-2017 by Neo (Forum Staff, Asia pacific region):

Did you look into easy-to-use utilities like iptables?

Posted 06-17-2017 by hergp (Forum Advisor, Vienna, Austria):

Firewalld implements a zone concept. To allow access to services based on the source address, just create a new zone, add source addresses and services to the zone and you are done.

Here is an example.

First we create a new zone named test

firewall-cmd --permanent --new-zone=test

This new zone shall be effective for sources in the address range

firewall-cmd --permanent --zone=test --add-source=

Now we add ports 22 (represented by the predefined service ssh) and 8080 to the zone

firewall-cmd --permanent --zone=test --add-service=ssh
firewall-cmd --permanent --zone=test --add-port=8080/tcp

These commands created and populated the file /etc/firewalld/zones/test.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <source address=""/>
  <service name="ssh"/>
  <port protocol="tcp" port="8080"/>
</zone>

When you are done, activate your changes with

firewall-cmd --reload

Good documentation of firewalld can be found here: Firewalld - FedoraProject
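The zone-per-source-set approach above, carried through for the original question (ssh from one set of addresses, freeipa-ldap from another, https from a third) as an added example that is not hergp's code or part of firewalld: it renders the zone XML in the layout shown above, emits the matching firewall-cmd sequence, and flags source prefixes that overlap across zones before anything is applied. The zone names and networks are constructed placeholders.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed layout: one zone per trust level, keyed by the source networks
# allowed to reach it (placeholder addresses, not from the thread).
ZONES = {
    "mgmt": {"sources": ["10.0.1.0/24"], "services": ["ssh"], "ports": []},
    "ipa": {"sources": ["10.0.2.0/24", "10.0.3.7/32"], "services": ["freeipa-ldap"], "ports": []},
    "web": {"sources": ["192.0.2.0/24"], "services": ["https"], "ports": ["8080/tcp"]},
}


def zone_xml(name, spec):
    """Render the zone in the form firewalld writes to /etc/firewalld/zones/<name>.xml."""
    zone = ET.Element("zone")
    for src in spec["sources"]:
        ipaddress.ip_network(src)  # reject a mistyped prefix before it reaches the firewall
        ET.SubElement(zone, "source", address=src)
    for svc in spec["services"]:
        ET.SubElement(zone, "service", name=svc)
    for entry in spec["ports"]:
        port, proto = entry.split("/")
        ET.SubElement(zone, "port", protocol=proto, port=port)
    return ET.tostring(zone, encoding="unicode")


def firewall_cmds(name, spec):
    """The equivalent firewall-cmd sequence (all --permanent; finish with --reload)."""
    base = f"firewall-cmd --permanent --zone={name}"
    cmds = [f"firewall-cmd --permanent --new-zone={name}"]
    cmds += [f"{base} --add-source={s}" for s in spec["sources"]]
    cmds += [f"{base} --add-service={s}" for s in spec["services"]]
    cmds += [f"{base} --add-port={p}" for p in spec["ports"]]
    return cmds


def overlapping_sources(zones):
    """A source binds to exactly one zone (an exact duplicate is refused with ZONE_CONFLICT),
    and which zone wins for overlapping prefixes is not something to rely on; list both."""
    seen, clashes = [], []
    for name, spec in zones.items():
        for src in spec["sources"]:
            net = ipaddress.ip_network(src)
            for other_name, other_net in seen:
                if other_name != name and net.overlaps(other_net):
                    clashes.append((name, src, other_name, str(other_net)))
            seen.append((name, net))
    return clashes


if __name__ == "__main__":
    for clash in overlapping_sources(ZONES):
        print("overlap:", clash)
    for name, spec in ZONES.items():
        print("\n".join(firewall_cmds(name, spec)))
        print(zone_xml(name, spec))
    print("firewall-cmd --reload")
```

Anything not matched by a zone's sources still falls through to the interface's default zone, so check that zone's services with `firewall-cmd --list-all` after the reload.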