On Monday, November 16, 2020, 12:30:07 PM EST, Eric Garver <egarver@redhat.com> wrote:
On Mon, Nov 16, 2020 at 02:56:42PM +0000, Steve Frazier wrote:
> I come from iptables (didn't know it well but enough to get by). I am trying to learn firewalld now which appears to be much more powerful.
> First of all I need some help, please.
> I would like to remove all the rules and zones since I have probably messed up my installation so far and do the following:
You can remove the user configuration files in the directories
`/etc/firewalld/*/`. Do not remove the firewalld.conf or lockdown-whitelist.xml files.
> I would like to "DROP" all outside traffic. I would then like to only allow all ports from (2) two IP addresses.
> Could someone explain to me how to do this?
1. Make "block" or "reject" the default zone.
# firewall-cmd --set-default-zone=block
2. Then add your allowlist IPs to the trusted zone, which allows everything.
# firewall-cmd --permanent --zone trusted --add-source <ip_address>
# firewall-cmd --reload
> My configuration only has:
> (1) one public IP Address (ens3)
> Thanks in advance.
> Also, is there a good tutorial that would walk me through learning firewalld? Thanks again for this as well.
> Have a great day.
The upstream website has some documentation:
https://firewalld.org/documentation/
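The two-step setup from the reply above, as an added example that is not part of the thread: a POSIX shell script that validates the allowlist entries, refuses to proceed when the current SSH client is missing from that allowlist, and emits the same three firewall-cmd commands in an order that installs the trusted sources before the default zone is switched to "block". The sample addresses are constructed; FWD_APPLY is an assumed environment variable for this script only.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny firewalld policy with a
# source allowlist, using only the firewall-cmd invocations from the reply.
# Nothing is executed unless FWD_APPLY=1; otherwise the plan is only printed.
set -euf

# Accepts a.b.c.d or a.b.c.d/n (IPv4 only) and rejects anything else, so a
# typo never becomes a silently wrong --add-source argument.
valid_ipv4() {
    addr=${1%%/*}
    prefix=${1#"$addr"}
    case "$prefix" in "") prefix=32 ;; *) prefix=${prefix#/} ;; esac
    case "$prefix" in ""|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        case "$octet" in ""|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# With "block" as default zone, an SSH client that is not on the allowlist
# would lock the administrator out, so refuse in that case. Exact host
# comparison only: a /n entry that covers the client is not credited.
guard_admin_session() {
    [ -n "${SSH_CLIENT:-}" ] || return 0
    client=${SSH_CLIENT%% *}
    for src; do
        if [ "${src%%/*}" = "$client" ]; then return 0; fi
    done
    return 1
}

# Prints the commands in a safe order: the allowlist is installed and made
# effective by --reload before the default zone is switched to "block".
plan_allowlist() {
    [ $# -ge 1 ] || { echo "usage: plan_allowlist <ip[/prefix]>..." >&2; return 2; }
    for src; do
        valid_ipv4 "$src" || { echo "invalid IPv4 source: $src" >&2; return 2; }
    done
    guard_admin_session "$@" || { echo "refusing: SSH client not in allowlist" >&2; return 3; }
    for src; do echo "firewall-cmd --permanent --zone trusted --add-source $src"; done
    echo "firewall-cmd --reload"
    echo "firewall-cmd --set-default-zone=block"
}

# Dry run on constructed sample addresses; FWD_APPLY=1 executes the plan instead.
if [ "${FWD_APPLY:-0}" = "1" ]; then plan_allowlist "$@" | sh -e; else (SSH_CLIENT=''; plan_allowlist 203.0.113.5 198.51.100.0/24); fi
```

Run it with no arguments to see the generated commands; run it as `FWD_APPLY=1 sh script.sh <ip1> <ip2>` on the host to apply them.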