whitelisting with firewalld

Ovitus
Posts: 27
Joined: 2018/12/07 16:01:43

whitelisting with firewalld

Post by Ovitus » 2019/02/13 20:46:46

I want to whitelist one particular IP or subnet for access to the services I have open in firewalld.

[root@gamma certs]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 192.168.122.6
services: ssh dhcpv6-client http https dns nfs samba smtp ntp
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

I added the source IP address to the public zone, but I can still access the server from other IPs?

Ovitus
Posts: 27
Joined: 2018/12/07 16:01:43

Re: whitelisting with firewalld

Post by Ovitus » 2019/02/14 17:41:51

This works if I create a separate zone and add a service or port. It opens that port for that IP or IP range. Why doesn't it work with the public zone? Say I want to confine all the services open to my server to a particular subnet?

jlehtone
Posts: 2110
Joined: 2007/12/11 08:17:33
Location: Finland

Re: whitelisting with firewalld

Post by jlehtone » 2019/02/14 20:24:57

You have tried:
1. IF packet comes FROM 192.168.122.6 THEN use the "public zone" rules
ELSE
2. IF packet arrives VIA eth0 THEN use the "public zone" rules

In other words, both traffic types use the same set of allow/deny rules.

When you use two different zones, then different rules apply.
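The following script is an added example, not code from either poster, that carries out what the reply above implies: the services the public zone exposes on eth0 to everyone are moved into a separate zone whose membership is decided by source address, and removed from public so that every other source hits a zone with nothing open. The zone name "lan-only" and the subnet 192.168.122.0/24 are assumptions; the service list and the single 192.168.122.6 source come from the --list-all output in the first post. Without APPLY=1 it only prints the firewall-cmd invocations, so it can be reviewed before it touches a live host.

```shell
#!/bin/sh
# Added example (not from the thread). Confines every service that the public
# zone currently exposes to one subnet by moving those services into a
# source-based zone. Assumptions, not taken from the post: zone name "lan-only",
# whitelisted subnet 192.168.122.0/24. The service list and the stale
# single-address source are copied from the post's --list-all output.
set -eu

ALLOWED_NET="${ALLOWED_NET:-192.168.122.0/24}"   # assumption: subnet to whitelist
WL_ZONE="${WL_ZONE:-lan-only}"                   # assumption: name of the new zone
STALE_SRC="192.168.122.6"                        # the source the post added to public
# dhcpv6-client is deliberately left in public: DHCPv6 replies arrive from IPv6
# link-local addresses, which an IPv4 source zone can never match.
SERVICES="ssh http https dns nfs samba smtp ntp"

# Print every firewall-cmd invocation; execute it only when APPLY=1.
fw() {
    printf 'firewall-cmd %s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        command firewall-cmd "$@"
    fi
}

confine_services_to_subnet() {
    # 1. A zone selected by source address. firewalld matches sources before
    #    interfaces, so packets from ALLOWED_NET land here instead of in public.
    fw --permanent --new-zone="$WL_ZONE"
    fw --permanent --zone="$WL_ZONE" --add-source="$ALLOWED_NET"
    for svc in $SERVICES; do
        fw --permanent --zone="$WL_ZONE" --add-service="$svc"
    done

    # 2. The same services leave public. Public stays bound to eth0, so every
    #    other source still matches it and, with nothing opened and the default
    #    target (REJECT), is turned away. The stale /32 source is removed so it
    #    cannot compete with the subnet for zone membership; "|| true" tolerates
    #    it already being gone.
    fw --permanent --zone=public --remove-source="$STALE_SRC" || true
    for svc in $SERVICES; do
        fw --permanent --zone=public --remove-service="$svc"
    done

    # 3. Commit, then confirm which zone a packet from the subnet is classified into.
    fw --reload
    fw --get-zone-of-source="$ALLOWED_NET"
    fw --get-active-zones
}

confine_services_to_subnet
```

Because --new-zone only exists as a permanent operation, a safer sequence on a remote box is to create the empty zone, reload, then apply steps 1 and 2 without --permanent; an accidental lock-out is then undone by `firewall-cmd --reload`, and once access from the subnet has been verified, `firewall-cmd --runtime-to-permanent` makes it stick.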
