I am currently setting up a small storage server and need to add some security to it via the firewall. Before I set this up, I created a little concept, to make it easier for me to understand in the future, but I seem to misunderstand the zone configuration of FirewallD and need some help with it. (I read the man page as well as so many websites I found via Google, but it just does not want to go into my head.)
What do I want to do?
I have two NICs and one VNIC (VLAN) on my machine. NIC1 is supposed to deal with external connections from specific source IPs only, NIC2 and VNIC (VLAN) should only be accessible within the network via a VRack.
I want to drop every connection coming from the outside, apart from the ones coming from my sources.
What have I done so far?
I set up two zones, "public" (NIC1) and "internal" (NIC2 and VNIC), as I went by their names. I set the target of the "public" zone to drop and added two source IPs because I thought that if people try to connect to the public IP and are not coming from one of the sources, they should get a connection refused, meaning being dropped. For some reason, when I log in to my server, I still get the message that there were xx failed tries, and when I check the /var/log/secure log file, I can see that people tried to connect via ssh with different usernames.
What am I doing wrong?
This is how my zones look (I changed the IPs and the port for security reasons).
"public"
public (active)
target: DROP
icmp-block-inversion: no
interfaces: NIC1
sources: 123.45.678.9/32 9.876.54.321/32
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule protocol value="icmp" accept
"internal"
internal (active)
target: default
icmp-block-inversion: no
interfaces: NIC2 VNIC (VLAN)
sources:
services: ssh
ports: 1234/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
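The post above shows the classic zone-matching surprise: firewalld assigns a packet to a zone by matching source bindings first and interface bindings second, and once a packet is in a zone, a listed service (here ssh) is accepted regardless of the zone target. So every host reaching NIC1 lands in "public" and is allowed to talk to sshd; the DROP target only applies to traffic that matches nothing. The script below is an added example, not part of the original post or of firewalld itself: it is a small model of that selection order, run against the posted configuration and against a corrected layout in which NIC1 is bound to the built-in "drop" zone and the trusted addresses get their own zone ("admins", a name chosen for the demo) that allows ssh. All IP addresses and the 10.0.0.5 VRack peer are constructed from documentation ranges; interface names follow the post.

```python
"""Toy model of firewalld zone selection (added example, not firewalld code).

Modelled rules, taken from firewalld's documented behaviour:
  1. a packet belongs to the first zone whose source binding matches it;
  2. otherwise to the zone its incoming interface is bound to;
  3. otherwise to the default zone;
  4. inside the zone, a matching service or port is ACCEPTed; anything else
     gets the zone target (target "default" rejects incoming traffic).
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Minimal service table for the demo; real firewalld reads /usr/lib/firewalld/services.
SERVICE_PORTS = {"ssh": ("tcp", 22)}


@dataclass
class Zone:
    name: str
    target: str = "default"                      # "default", "ACCEPT", "DROP", ...
    interfaces: set = field(default_factory=set)  # interface names
    sources: list = field(default_factory=list)   # ip_network objects
    services: set = field(default_factory=set)    # service names
    ports: set = field(default_factory=set)       # (proto, port) tuples

    def allows(self, proto, port):
        """True if the zone explicitly opens this protocol/port."""
        if (proto, port) in self.ports:
            return True
        return any(SERVICE_PORTS.get(s) == (proto, port) for s in self.services)


def select_zone(zones, default_zone, iface, src):
    """Source bindings win over interface bindings; default zone is the fallback."""
    src_ip = ip_address(src)
    for z in zones:
        if any(src_ip in net for net in z.sources):
            return z
    for z in zones:
        if iface in z.interfaces:
            return z
    return next(z for z in zones if z.name == default_zone)


def verdict(zones, default_zone, iface, src, proto, port):
    """Return (action, zone_name) for an incoming packet."""
    zone = select_zone(zones, default_zone, iface, src)
    if zone.allows(proto, port):
        return "ACCEPT", zone.name
    if zone.target == "default":
        return "REJECT", zone.name
    return zone.target, zone.name


# Constructed stand-ins for the poster's two trusted source addresses.
TRUSTED = [ip_network("203.0.113.10/32"), ip_network("198.51.100.20/32")]


def original_config():
    """The zones exactly as posted: sources AND interface NIC1 both in 'public'."""
    public = Zone("public", target="DROP", interfaces={"NIC1"},
                  sources=list(TRUSTED), services={"ssh"})
    internal = Zone("internal", interfaces={"NIC2", "VNIC"},
                    services={"ssh"}, ports={("tcp", 1234)})
    return [public, internal]


def fixed_config():
    """NIC1 bound to the built-in 'drop' zone; trusted sources in their own zone."""
    admins = Zone("admins", sources=list(TRUSTED), services={"ssh"})   # demo zone name
    drop = Zone("drop", target="DROP", interfaces={"NIC1"})            # built-in zone
    public = Zone("public", target="DROP")                             # no longer bound
    internal = Zone("internal", interfaces={"NIC2", "VNIC"},
                    services={"ssh"}, ports={("tcp", 1234)})
    return [admins, drop, public, internal]


if __name__ == "__main__":
    stranger, trusted, vrack_peer = "192.0.2.77", "203.0.113.10", "10.0.0.5"
    for label, cfg in (("posted", original_config()), ("fixed", fixed_config())):
        print(label, "ssh from stranger on NIC1 ->",
              verdict(cfg, "public", "NIC1", stranger, "tcp", 22))
        print(label, "ssh from trusted  on NIC1 ->",
              verdict(cfg, "public", "NIC1", trusted, "tcp", 22))
        print(label, "1234/tcp from VRack on NIC2 ->",
              verdict(cfg, "public", "NIC2", vrack_peer, "tcp", 1234))
```

With the posted layout the model reports ("ACCEPT", "public") for an unknown address on NIC1, which is exactly the brute-force noise in /var/log/secure; with the corrected layout the same packet gets ("DROP", "drop") while the trusted address still reaches ssh through its own zone. On a real host the equivalent change is to move NIC1 out of "public" and into "drop" (`firewall-cmd --permanent --zone=public --remove-interface=NIC1`, then `--zone=drop --change-interface=NIC1`), create a zone for the trusted addresses (`--new-zone=admins`, `--add-source=...`, `--add-service=ssh`) and `--reload`; the rich rule accepting icmp from anyone would also need a deliberate decision, since in "public" it currently answers pings from the whole Internet.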