Hi,
I have a fedora23 system and just starting to learn how firewalld
works. None of the documentation really discusses how to add rules
from a specific source (the -s option with iptables).
Is this not what firewalld was intended to do?
How do I restrict access to ssh or dns only from specific remote IP addresses?
I've found the "rich" rules, but if I have to create rules at the port
level without any association to the service, then I don't understand
the point of using it. In other words, it appears necessary to add
additional manual rules, while also having to "--add-service=dns"
instead of the dns service taking care of it all in the first place.
In other words, to create a "rich" rule for dns, it appears necessary to do:
firewall-cmd --add-rich-rule='rule family="ipv4" source
address="192.168.1.0/24" port port=53 protocol="tcp" accept'
--permanent
firewall-cmd --add-rich-rule='rule family="ipv4" source
address="192.168.1.0/24" port port=53 protocol="udp" accept'
--permanent
and that also doesn't provide the ability to control the "state" of the
packets.
Thanks for any ideas.
Alex
Show replies by date