GUI firewall, possible to add port with IP restrictions?

Support for security such as Firewalls and securing linux
twocentos
Posts: 3
Joined: 2017/09/09 19:23:40

GUI firewall, possible to add port with IP restrictions?

Postby twocentos » 2017/09/09 19:44:43

Using the GUI firewall it seems that you can open a port, but that does not restrict what IPs can access the port.

Looking for something like clicking on the allowed port (in the selected zone), then selecting whether to allow only IPs or a subnet. The machines are connected by a switch.

Rich rules seem overly complex, and my searches only seemed to find command line firewalld statements that I have had a lot of trouble with.

Also, was just thinking of using one zone, since the rules won't change (not a portable computer). Don't think multiple zones will make a difference, just seems as though the different zones are just for different default setups?

hunter86_bg
Posts: 762
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: GUI firewall, possible to add port with IP restrictions?

Postby hunter86_bg » 2017/09/10 07:25:02

Here is an example for different zones - I have a Desktop/Workstation which has zone 'External' for communication with the rest of the systems in my vLAN, while I am using zone 'internal' for rules applicable to the Virtual Machines hosted locally.
In the enterprise, you may end up with 6 and possibly more NICs, each connected to a different network.

twocentos
Posts: 3
Joined: 2017/09/09 19:23:40

Re: GUI firewall, possible to add port with IP restrictions?

Postby twocentos » 2017/09/11 08:44:29

hunter86_bg wrote: Here is an example for different zones...

That would seem to be a good use for several zones.

Still, it seems it should be possible to specify IPs for an open port using the GUI firewall for a single zone/NIC. Is there any way to do that?

hunter86_bg
Posts: 762
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: GUI firewall, possible to add port with IP restrictions?

Postby hunter86_bg » 2017/09/11 16:28:39

It seems that firewall-config supports creation of a rich rule that allows you to define the source IP.
Here is a screenshot:
Image

I should admit that I have never used the GUI, and if I had never used firewalld, I would be extremely confused.
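The source-restricted rich rule discussed in this thread, written out as firewall-cmd calls. This is an added example, not part of hunter86_bg's post; the function names are hypothetical, and the zone `public`, port 8080/tcp and 192.168.1.0/24 are constructed sample values.

```shell
#!/bin/sh
# Added example: allow a port only from one IPv4 address or subnet (firewalld).
# All zone names, ports and addresses used here are constructed sample values.

# Succeeds if $1 is a dotted IPv4 address, optionally followed by /0-32.
valid_ipv4_source() {
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    addr=${1%/*}
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rich rule that accepts PORT/PROTO only from SOURCE.
rich_rule() {  # usage: rich_rule PORT PROTO SOURCE
    case $1 in ''|??????*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
    case $2 in tcp|udp) ;; *) return 1 ;; esac
    valid_ipv4_source "$3" || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$3" "$1" "$2"
}

# Swaps the plain port entry for the source-restricted rule in ZONE.
restrict_port() {  # usage: restrict_port ZONE PORT PROTO SOURCE
    rule=$(rich_rule "$2" "$3" "$4") ||
        { echo "invalid port, protocol or source" >&2; return 1; }
    # A port listed under the zone's ports stays open to every source the zone
    # covers, so it must be removed or the rich rule restricts nothing.
    firewall-cmd --permanent --zone="$1" --remove-port="$2/$3"
    firewall-cmd --permanent --zone="$1" --add-rich-rule="$rule"
    firewall-cmd --reload
    firewall-cmd --zone="$1" --list-rich-rules   # confirm what is now active
}

# Constructed sample call: sh restrict-port.sh public 8080 tcp 192.168.1.0/24
if [ $# -eq 4 ]; then restrict_port "$@"; fi
```

Run with four arguments as root to apply the change; with no arguments the script only defines the functions.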

twocentos
Posts: 3
Joined: 2017/09/09 19:23:40

Re: GUI firewall, possible to add port with IP restrictions?

Postby twocentos » 2017/09/18 21:09:32

Thanks hunter86_bg
Calling it solved.