I have a CIDR block that I would like to allow: 174.192.0.0/10, from only the following TCP/UDP ports: 5000-5299, that I want to add to trusted. I am not sure what the proper add would be. My best guess would be the following; could someone please correct my best guess below?
firewall-cmd --permanent --add-service=family="ipv4" source address="174.192.0.0/10" port protocol="tcp" port="5000-5299" accept'
firewall-cmd --permanent --add-service=family="ipv4" source address="174.192.0.0/10" port protocol="udp" port="5000-5299" accept'
firewall-cmd --permanent --add-service=family="ipv6" source address="174.192.0.0/10" port protocol="tcp" port="5000-5299" accept'
firewall-cmd --permanent --add-service=family="ipv6" source address="174.192.0.0/10" port protocol="udp" port="5000-5299" accept'
TIA.
I don't have the ipv6 addresses yet, please excuse my mistake of ipv4 addresses in the original post.
firewall-cmd --permanent --add-service=family="ipv6" source address="ipv6_address-w-cidr" port protocol="tcp" port="5000-5299" accept'
firewall-cmd --permanent --add-service=family="ipv6" source address="ipv6_address-w-cidr" port protocol="udp" port="5000-5299" accept'
On Sun, Dec 13, 2020 at 05:34:00PM -0000, Steven Frazier wrote:
> I have a CIDR block that I would like to allow: 174.192.0.0/10, from only the following TCP/UDP ports: 5000-5299, that I want to add to trusted. I am not sure what the proper add would be. My best guess would be the following; could someone please correct my best guess below?
> firewall-cmd --permanent --add-service=family="ipv4" source address="174.192.0.0/10" port protocol="tcp" port="5000-5299" accept'
> firewall-cmd --permanent --add-service=family="ipv4" source address="174.192.0.0/10" port protocol="udp" port="5000-5299" accept'
> firewall-cmd --permanent --add-service=family="ipv6" source address="174.192.0.0/10" port protocol="tcp" port="5000-5299" accept'
> firewall-cmd --permanent --add-service=family="ipv6" source address="174.192.0.0/10" port protocol="udp" port="5000-5299" accept'
I think you confused your arguments. This suggests you're trying to add a rich rule, but you're using the `--add-service` argument.
This should work:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="174.192.0.0/10" port protocol="tcp" port="5000-5299" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="174.192.0.0/10" port protocol="udp" port="5000-5299" accept'
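An added example, not part of the thread: a small shell helper that builds the rich-rule commands discussed above and refuses a source address that does not match the declared family (the IPv4 block under family="ipv6" from the first post), an unknown protocol, or an invalid port range. The function names `rich_rule` and `emit_commands` are hypothetical, and the script only prints the `firewall-cmd` lines; it does not run them.

```shell
#!/bin/sh
# Added example: rich_rule and emit_commands are hypothetical helper names.

# rich_rule FAMILY CIDR PROTO PORTS: print the rule text, or fail with a reason.
rich_rule() {
    rr_family=$1 rr_cidr=$2 rr_proto=$3 rr_ports=$4
    # The source address must belong to the declared family.
    case "$rr_family:$rr_cidr" in
        ipv4:*:*)          rr_bad=1 ;;   # colon in address: IPv6 under family ipv4
        ipv4:*.*|ipv6:*:*) rr_bad=0 ;;
        *)                 rr_bad=1 ;;   # unknown family, or IPv4 under family ipv6
    esac
    [ "$rr_bad" -eq 0 ] || {
        echo "source $rr_cidr does not match family $rr_family" >&2; return 1; }
    case "$rr_proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $rr_proto" >&2; return 1 ;;
    esac
    # Accept a single port or LOW-HIGH, both within 1-65535.
    rr_lo=${rr_ports%-*} rr_hi=${rr_ports#*-}
    case "$rr_lo$rr_hi" in
        ''|*[!0-9]*) echo "bad port spec: $rr_ports" >&2; return 1 ;;
    esac
    [ "$rr_lo" -ge 1 ] && [ "$rr_hi" -le 65535 ] && [ "$rr_lo" -le "$rr_hi" ] || {
        echo "bad port range: $rr_ports" >&2; return 1; }
    printf 'rule family="%s" source address="%s" port port="%s" protocol="%s" accept' \
        "$rr_family" "$rr_cidr" "$rr_ports" "$rr_proto"
}

# emit_commands FAMILY CIDR PORTS: one firewall-cmd line each for tcp and udp.
emit_commands() {
    for ec_proto in tcp udp; do
        ec_rule=$(rich_rule "$1" "$2" "$ec_proto" "$3") || return 1
        printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$ec_rule"
    done
}

# The block from the thread: prints the two commands.
emit_commands ipv4 174.192.0.0/10 5000-5299
# The family/address mismatch from the first post: rejected.
emit_commands ipv6 174.192.0.0/10 5000-5299 || echo "skipped: fix the source address first"
```

Because the rules are added with `--permanent`, they take effect after `firewall-cmd --reload`, and `firewall-cmd --list-rich-rules` shows what is active.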