FirewallD and network traffic filter

Support for security such as Firewalls and securing linux
bertalanimre
Posts: 140
Joined: 2015/06/02 13:04:03

FirewallD and network traffic filter

Post by bertalanimre » 2017/12/12 09:31:21

Hey Forum!

How would you filter traffic on a CentOS 7 server to allow network traffic on certain NIC-s from specific MAC addresses only? I wish to use minimal 3rd party tools, so only built-in solutions would be preferred. FirewallD can do this like iptables? If not, then maybe Fail2Ban?

Bert

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: FirewallD and network traffic filter

Post by pjsr2 » 2017/12/13 15:01:42

firewalld can filter on mac addresses with a "rich language" rule. See https://access.redhat.com/documentation ... age_Syntax

bertalanimre
Posts: 140
Joined: 2015/06/02 13:04:03

Re: FirewallD and network traffic filter

Post by bertalanimre » 2017/12/14 15:04:28

I was afraid of these rich languages.....

aks
Posts: 3073
Joined: 2014/09/20 11:22:14

Re: FirewallD and network traffic filter

Post by aks » 2017/12/28 21:20:40

It's not that hard!

bertalanimre
Posts: 140
Joined: 2015/06/02 13:04:03

Re: FirewallD and network traffic filter

Post by bertalanimre » 2018/01/12 15:08:24

Cool! I've tested it with my own VMs and it was working like a charm. ;)

What I had to do is simply:

(If not MAC address, then drop)

firewall-cmd --zone=public --add-rich-rule='rule source NOT mac="00:50:bf:5a:67:3d" drop'

(If not IP address, then drop)

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source NOT address="10.0.0.1" drop'

Now here comes a question:
What if I use 2 rich-rule to allow certain MAC address and drop everything else?
- Will both rules be used => traffic from both MAC addresses will be accepted?
- Only the last rule will be applied?
- Only the first rule will be applied?

I'm unable to test it for a while now, but I'm curious, what do you think, guys?

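On the ordering question: firewalld does not pick one rich rule over another. Every rich rule in the zone is evaluated, and a drop rule that matches ends evaluation for that packet. Two rules of the form "source NOT mac=A drop" and "source NOT mac=B drop" therefore drop all traffic, because no frame carries both MAC addresses. The usual way to express an allow-list is the other way round: set the zone target to DROP and add one accept rule per permitted MAC. The script below, an added example that is not code from the thread or from the firewalld project, builds the firewall-cmd command lines for that. The zone name and MAC addresses passed in are assumptions; the commands use --permanent because --set-target only works on the permanent configuration, so a --reload is needed to activate them.

```shell
#!/bin/sh
# Added example, not code from the forum post. Builds the firewall-cmd lines
# for a MAC allow-list on one firewalld zone. The zone name and the MAC list
# given on the command line are assumptions, not values from the thread.

# Validate one MAC address: six hex pairs separated by colons.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Rich rule that accepts frames from one MAC address. No family= is needed:
# the mac match applies to IPv4 and IPv6 alike.
accept_rule() {
    printf 'rule source mac="%s" accept' "$1"
}

# Print, one per line, the commands that implement the allow-list:
#   1. set the zone target to DROP so anything not explicitly accepted is dropped
#   2. one accept rule per allowed MAC address
#   3. reload so the permanent configuration becomes the running one
# Prints nothing and returns 1 if any MAC address is malformed.
build_allowlist() {
    zone="$1"; shift
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC address: $mac" >&2; return 1; }
    done
    printf 'firewall-cmd --permanent --zone=%s --set-target=DROP\n' "$zone"
    for mac in "$@"; do
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" \
            "$zone" "$(accept_rule "$mac")"
    done
    printf 'firewall-cmd --reload\n'
}

# Number of commands produced for a given zone and MAC list.
allowlist_size() {
    build_allowlist "$@" | wc -l | tr -d ' '
}

# Usage: review the generated list first, then pipe it to sh as root.
#   Review: build_allowlist public 00:50:bf:5a:67:3d 00:50:bf:5a:67:3e
#   Apply:  build_allowlist public 00:50:bf:5a:67:3d | sh
```

Two things to keep in mind when using this on a real box. A zone target of DROP applies to every interface bound to that zone, so SSH from any host whose MAC is not on the list is cut off as well; generate and review the list before piping it to sh. And MAC filtering only identifies hosts on the same layer-2 segment: routed traffic arrives with the router's MAC, so for remote hosts the address-based rule from the post above is the one that applies.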