Firewalld - creating zone based on destination IP
Hi,
I have a server with a single NIC, single interface, but multiple IPs.
I want to whitelist access to a port on the server but only on one of the IPs.
So with iptables I would do:
-A INPUT -p tcp -m tcp -d 180.10.10.10 --dport 12345 -j ACCEPT
and that would let me open that port but only on IP '180.10.10.10'.
How would I achieve the same with Firewalld? From my understanding Firewalld works based on interfaces.
I have tried:
firewall-cmd --zone=customzone --add-service=12345/tcp --set-destination=ipv4:180.10.10.10/32 --permanent
but that doesn't do it
Comments
Look up using rich rules. The destination stuff in firewalld is a little simplistic, so if you're already familiar with iptables, rich rules might be your better bet. Something like:
firewall-cmd --zone=customzone --add-rich-rule='rule family=ipv4 source address=0.0.0.0/0 destination address=180.10.10.10/32 port port=12345 protocol=tcp accept' --permanent
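A small POSIX shell helper, added here and not part of the thread, that builds the destination-scoped rich rule from the reply above with input validation, applies it to both the runtime and permanent configuration, and lists the zone's rich rules so the result can be checked. It assumes the zone customzone is bound to the server's NIC (or is the default zone); a rich rule in a zone that no interface or source maps to never sees any traffic.

```shell
#!/bin/sh
# Added example: open one TCP port only for a single destination IP with a
# firewalld rich rule. Zone, IP and port values are the ones from the thread.

# Validate a dotted-quad IPv4 address; returns 0 if valid.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Validate a port number in the range 1-65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich-rule string for a destination IP, port and protocol (default tcp).
# Plain --add-port cannot match on destination address; a rich rule can.
rich_rule() {
    dst="$1"; port="$2"; proto="${3:-tcp}"
    valid_ipv4 "$dst" || { echo "bad IPv4 address: $dst" >&2; return 1; }
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    # Omitting 'source address=' matches any source, so 0.0.0.0/0 is not needed.
    printf 'rule family="ipv4" destination address="%s/32" port port="%s" protocol="%s" accept\n' \
        "$dst" "$port" "$proto"
}

# Apply the rule to runtime and permanent configuration, then show the zone's
# rich rules. Only runs where firewall-cmd is installed; the zone must be bound
# to the interface (or be the default zone) for its rules to see traffic.
apply_rule() {
    zone="$1"; rule="$(rich_rule "$2" "$3" "${4:-tcp}")" || return 1
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 1; }
    firewall-cmd --zone="$zone" --add-rich-rule="$rule" || return 1
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule" || return 1
    firewall-cmd --zone="$zone" --list-rich-rules
}

# Usage with the thread's values (uncomment to apply on a real host):
# apply_rule customzone 180.10.10.10 12345
```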
Oh thank you!
Just before I read your message I came across Redhat's doc on this: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_complex_firewall_rules_with_the_rich-language_syntax
I can confirm it works! Thanks, ya genius