For SSH I have rich rules and it works fine; I had to use rich rules due to the small sub-set of IPs being used. I then added dns to the services, but it doesn't work: when I tail the named xfer-in log no records are being transferred (the original CentOS6 server gets the zone transfers immediately). However, if I disable firewalld on the new CentOS7 hosts the transfer does work, so it is obviously a firewalld issue, or, more exactly, me not doing something.
Below is the zone listing; I cannot see where I'm going wrong.
[root@host1 ~]# firewall-cmd --list-all-zones
Custom0Internal (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.1.250.137" service name="ssh" accept
	rule family="ipv4" source address="10.1.202.14" service name="ssh" accept
	rule family="ipv4" source address="10.100.0.134" service name="ssh" accept
	rule family="ipv4" source address="10.100.0.67" service name="ssh" accept
	rule family="ipv4" source address="10.1.250.151" service name="ssh" accept
	rule family="ipv4" source address="10.1.250.162" service name="ssh" accept
	rule family="ipv4" source address="204.99.50.100" service name="ssh" accept
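An added check, not code from the post or from firewalld itself: it parses a `--list-all-zones` listing like the one above offline and reports whether a given source address would be accepted on TCP 53 (what an AXFR needs) through the zone bound to ens192, taking both the zone's services and its source-restricted rich rules into account. The embedded listing, the stock dns/ssh port mapping and the source addresses used are assumptions constructed for the example.

```python
import ipaddress, re

# Listing constructed from the post's output (indented as firewall-cmd prints
# it; all but one of the ssh rich rules dropped for brevity).
SAMPLE = """\
Custom0Internal (active)
  target: default
  interfaces: ens192
  services: dns
  rich rules:
\trule family="ipv4" source address="10.1.250.137" service name="ssh" accept
"""
# Ports each service opens; assumes the stock service definitions
# (dns.xml opens 53/udp and 53/tcp; AXFR runs over the tcp one).
SERVICE_PORTS = {"dns": {("tcp", 53), ("udp", 53)}, "ssh": {("tcp", 22)}}

def parse_zones(text):
    """Map zone name -> attribute lists, plus 'active' and 'rich rules'."""
    zones, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():                     # zone header line
            cur = zones[line.split()[0]] = {"active": "(active)" in line,
                                            "rich rules": []}
        elif line.strip().startswith("rule "):
            cur["rich rules"].append(line.strip())
        else:
            key, val = line.strip().split(":", 1)
            cur[key] = val.split()
    return zones

def port_open(zones, iface, proto, port, src):
    """True if src -> proto/port on iface is accepted (services and 'accept'
    rich rules only; explicit ports and zone targets are not modelled)."""
    zone = next((z for z in zones.values()
                 if z["active"] and iface in z.get("interfaces", [])), None)
    if zone is None:
        return False                  # default-zone fallback not modelled
    opened = {p for s in zone.get("services", []) for p in SERVICE_PORTS.get(s, ())}
    if (proto, port) in opened:
        return True                   # service is open to every source
    ip = ipaddress.ip_address(src)
    for rule in zone["rich rules"]:
        svc = re.search(r'service name="([^"]+)"', rule)
        rsrc = re.search(r'source address="([^"]+)"', rule)
        if not (rule.endswith(" accept") and svc):
            continue
        if (proto, port) in SERVICE_PORTS.get(svc.group(1), ()) and (
                rsrc is None or ip in ipaddress.ip_network(rsrc.group(1), strict=False)):
            return True
    return False
```

Run it against your own `firewall-cmd --list-all-zones` output (and against `--permanent --list-all-zones`) to confirm the runtime and saved configurations agree for the master's address.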