Hello, Is it possible to open a port or service for just the local network and not globally? Should I open those ports or services for specific IP addresses, or does Firewalld have a special option for it?
Thank you.
On Wed, Oct 14, 2020 at 04:53:46PM -0000, Jason Long wrote:
> Hello, Is it possible to open a port or service for just the local network and not globally? Should I open those ports or services for specific IP addresses, or does Firewalld have a special option for it?
Use a zone. Put your local/internal interfaces in the "internal" or "trusted" zone. Then add the services to those zones.
Assuming "eth1" is your internal interface:
# firewall-cmd --zone internal --add-interface eth1
# firewall-cmd --zone internal --add-service http
Alternatively, use a rich rule to restrict to a subset of addresses:
# firewall-cmd --zone internal --add-rich-rule='rule family=ipv4 source address="10.10.10.10" service name=http accept'
firewalld-users@lists.fedorahosted.org
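The rich-rule approach from the reply, extended here to a whole subnet and applied to both the runtime and the permanent configuration, as an added example that is not part of the original thread. The FWCMD variable, the function names and the 192.168.1.0/24 subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. FWCMD and the function names are
# hypothetical; 192.168.1.0/24 in the usage line is a constructed subnet.
FWCMD=${FWCMD:-firewall-cmd}   # FWCMD=echo prints the commands instead (dry run)

# Succeed only for a.b.c.d or a.b.c.d/len, so nothing but a well-formed IPv4
# source can end up inside the rich-rule text.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    addr=${1%%/*} prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print a rich rule of the form used in the reply, for a validated source.
lan_rule() {
    valid_cidr "$1" || return 1
    case $2 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" service name="%s" accept' "$1" "$2"
}

# allow_from_lan ZONE CIDR SERVICE
# Adds the rule to the runtime and the permanent configuration (a runtime-only
# change is lost on reload or reboot), then lists the zone.
allow_from_lan() {
    rule=$(lan_rule "$2" "$3") || { echo "rejected: $2 $3" >&2; return 1; }
    $FWCMD --zone="$1" --add-rich-rule="$rule" || return 1
    $FWCMD --permanent --zone="$1" --add-rich-rule="$rule" || return 1
    # In the listing, SERVICE must not also appear under "services:"; a
    # zone-wide service entry accepts it from every source in the zone.
    $FWCMD --zone="$1" --list-all
}

# Usage (as root): allow_from_lan internal 192.168.1.0/24 http
```

The rule only affects traffic that firewalld assigns to the given zone, for example through the interface binding shown in the reply.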