On 28.06.2024 01:22, Nathanael Noblet wrote:
> Hello,
> I think I misunderstood something about how firewalld works and need
> to make a change to some rules, but I'm not sure how to go about it.
> I have srv1 and srv2. Srv1 hosts a web/db etc. Srv2 is a DB
> replication server, so it connects to srv1 and is replicating the DB
> there. To do so I created a zone db-access, I added the port as well
> as a number of source IP addresses which should be allowed to connect
> to that port.
> However, what that has resulted in is that srv2 can *only* connect
> to srv1 on the db-access port. So ssh, web requests from srv2 to srv1
> fail with no route to host while ping functions normally.
> How was I supposed to set up the firewall so that by default
> everything goes through the public zone, however if you match the
> source IP you're also allowed additional ports?

Use rich rules in the public zone to restrict additional ports to the selected source address(es).
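Binding a source address to db-access makes that zone the only one firewalld consults for srv2's packets, which is why ssh and web from srv2 stopped reaching the public zone's rules. The script below is an added example, not from this thread: it unbinds the sources and grants the DB port per source with rich rules in public. It assumes the DB port is 3306/tcp and uses constructed RFC 5737 addresses for the replicas; by default it only prints the firewall-cmd calls, and runs them when APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes srv1's interface sits in the
# "public" zone, the DB port is 3306/tcp, and SOURCES are constructed
# placeholder addresses standing in for srv2 and the other replicas.
# Dry run by default: prints each firewall-cmd call. Set APPLY=1 to execute.

ZONE_BAD="db-access"     # zone the OP created with sources bound to it
ZONE_GOOD="public"       # zone that already carries ssh/http/https
DB_PORT="3306"
DB_PROTO="tcp"
SOURCES="192.0.2.10 192.0.2.11"   # constructed replica addresses

# Build one firewalld rich rule: accept DB_PORT only from this source address.
rich_rule() {
    src="$1"; port="$2"; proto="$3"
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$src" "$port" "$proto"
}

# Run firewall-cmd when APPLY=1, otherwise print the call that would be made.
fw() {
    if [ "${APPLY:-0}" = "1" ]; then
        firewall-cmd "$@"
    else
        printf 'firewall-cmd'; printf ' %s' "$@"; printf '\n'
    fi
}

# A source bound to db-access routes every packet from that source into
# db-access alone, so public's ssh/web rules never apply. Unbind the sources,
# then allow the DB port for each of them inside public via a rich rule.
fix_zones() {
    for src in $SOURCES; do
        fw --permanent --zone="$ZONE_BAD" --remove-source="$src"
        fw --permanent --zone="$ZONE_GOOD" \
            --add-rich-rule="$(rich_rule "$src" "$DB_PORT" "$DB_PROTO")"
    done
    fw --reload
}

fix_zones
```

Once no sources remain bound to db-access the zone serves no purpose and can be removed, but leaving it is harmless; verify the result with `firewall-cmd --zone=public --list-rich-rules`.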