I want to whitelist one particular IP or subnet access to the services I have open in firewalld.
[root@gamma certs]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 192.168.122.6
services: ssh dhcpv6-client http https dns nfs samba smtp ntp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
I added the source IP address to the public zone, but I can still access the server from other IPs?
whitelisting with firewalld
Re: whitelisting with firewalld
This works if I create a separate zone and add a service or port. It opens that port for that IP or IP range. Why doesn't it work with the public zone? Say I want to confine all the services open to my server to a particular subnet?
Re: whitelisting with firewalld
You have tried:
1. IF packet comes FROM 192.168.122.6 THEN use the "public zone" rules
ELSE
2. IF packet arrives VIA eth0 THEN use the "public zone" rules
In other words, both traffic types use the same set of allow/deny rules.
When you use two different zones, then different rules apply.
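Added example (my own script, not code from this thread). select_zone models the order in which firewalld picks a zone for a packet: a matching source entry first, then the interface binding, then the default zone. That order is why adding 192.168.122.6 as a source of public changes nothing while eth0 is also bound to public: both lookups land in the same zone. apply_whitelist emits the firewall-cmd calls that give the allowed address its own zone and strip the services from the zone eth0 is bound to. The zone name "lan" is an assumption; the address, the interface and the service names come from the original post. Setting FIREWALL_CMD=echo prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread. Two parts:
#  1. select_zone: a model of firewalld's zone lookup order
#     (source entry > interface binding > default zone).
#  2. apply_whitelist: the firewall-cmd calls that confine the open
#     services to one source by moving that source into its own zone.
# Assumption: zone name "lan". FIREWALL_CMD=echo previews without applying.

# select_zone SRC IFACE "zone=ip ..." "zone=iface ..." DEFAULT
# Source entries are compared as exact addresses in this model; real
# firewalld also accepts CIDR subnets such as 192.168.122.0/24.
select_zone() {
    src=$1 iface=$2 sources=$3 ifaces=$4 default=$5
    # A source binding wins over everything else.
    for e in $sources; do
        [ "${e#*=}" = "$src" ] && { echo "${e%%=*}"; return 0; }
    done
    # Otherwise the zone the arrival interface is bound to.
    for e in $ifaces; do
        [ "${e#*=}" = "$iface" ] && { echo "${e%%=*}"; return 0; }
    done
    # Neither matched: the default zone.
    echo "$default"
}

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
fw() { "$FIREWALL_CMD" --permanent "$@"; }

# apply_whitelist ZONE SOURCE IFACE_ZONE SERVICE...
# ZONE is created and bound to SOURCE with all SERVICEs; the same services
# are removed from IFACE_ZONE, which is where every other address lands.
apply_whitelist() {
    zone=$1 source=$2 ifzone=$3; shift 3
    fw --new-zone="$zone"
    # A source may belong to only one zone, so release it from the
    # interface zone (where the original poster had put it) first.
    fw --zone="$ifzone" --remove-source="$source"
    fw --zone="$zone" --add-source="$source"
    for svc in "$@"; do
        fw --zone="$zone" --add-service="$svc"
        fw --zone="$ifzone" --remove-service="$svc"
    done
    # Permanent changes only take effect after a reload.
    "$FIREWALL_CMD" --reload
}
```

To preview the commands for the poster's setup, source the script and run FIREWALL_CMD=echo; apply_whitelist lan 192.168.122.6 public ssh http https dns nfs samba smtp ntp, then compare with firewall-cmd --get-active-zones and firewall-cmd --list-all --zone=lan after a real run. Once public has no services, ports or rich rules left, its default target rejects whatever arrives on eth0 from addresses outside the lan zone.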