
firewalld driving me barmy.

  • 06-08-2014 4:10pm
    #1
    Registered Users Posts: 1,770 ✭✭✭


    Just setting up a new RHEL7 box and trying to get my head around firewalld.

    Been using iptables for all my rules now for years and was quite happy.

    Typically I would set up a rule like this in /etc/sysconfig/iptables and restart the firewall.

    -A INPUT -s 10.10.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT -m comment --comment "private ssh for admin"

    Now with firewalld I have two choices

    1. Use a zone and a service
    firewall-cmd --permanent --add-service=ssh
    Looks good, but how do I customize the service definition to specify a source network?

    2. Use a direct rule such as this.
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -s 10.10.1.0/24 -j ACCEPT -m comment --comment "private ssh for admin"
    but when restarting firewalld I lose my rule. I'm unable to use --permanent in conjunction with --direct.

    If anyone has any advice on the best way to configure this it would be very welcome.


Comments

  • Registered Users Posts: 2,426 ✭✭✭ressem


    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.1.0/24" service name="ssh" accept'
    

    which will add the rich rule into your default zone (/etc/firewalld/zones/) probably public.xml.
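    As an added example (not from ressem's post or the firewalld project), a small sh script that applies that rich rule permanently, drops the zone-wide ssh service that the stock RHEL7 public zone still carries (otherwise the rich rule just adds a redundant allow and ssh stays open to everyone), reloads, and checks the result. The admin network, zone name and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): restrict SSH to an admin network with
# a firewalld rich rule, then verify it. Assumes RHEL7-era firewalld where the
# default zone is "public" and already carries the "ssh" service.

ADMIN_NET="10.10.1.0/24"   # sample value taken from the thread
ZONE="public"              # assumed default zone

# Build the rich-rule text in the form firewall-cmd expects.
build_rich_rule() {
    # $1 = family (ipv4/ipv6), $2 = source CIDR, $3 = service name
    printf 'rule family="%s" source address="%s" service name="%s" accept' "$1" "$2" "$3"
}

# Basic sanity check on the CIDR so a typo does not produce a wrong source.
valid_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Reads `firewall-cmd --list-rich-rules` output on stdin; succeeds if $1 is listed.
rich_rule_present() {
    grep -Fxq "$1"
}

apply_admin_ssh() {
    valid_ipv4_cidr "$ADMIN_NET" || { echo "bad CIDR: $ADMIN_NET" >&2; return 1; }
    rule=$(build_rich_rule ipv4 "$ADMIN_NET" ssh)
    # Permanent rich rule: allow ssh only from the admin network.
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    # Caveat: the stock public zone has "ssh" open to all sources; remove it,
    # or the rich rule changes nothing. Run this from inside ADMIN_NET so the
    # session you are using is not cut off by the reload.
    firewall-cmd --permanent --zone="$ZONE" --remove-service=ssh
    firewall-cmd --reload
    # Verify that the runtime configuration really carries the rule.
    firewall-cmd --zone="$ZONE" --list-rich-rules | rich_rule_present "$rule"
}

# Only touch the firewall when asked explicitly and firewall-cmd is available.
if [ "${1:-}" = "apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
    apply_admin_ssh
fi
```

Run as `sh lockdown-ssh.sh apply`; without the argument the script only defines the helpers.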


  • Registered Users Posts: 1,770 ✭✭✭Sebzy


    ressem wrote: »
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.1.0/24" service name="ssh" accept'
    

    which will add the rich rule into your default zone (/etc/firewalld/zones/) probably public.xml.

    Thanks for that. Now if there was some way to embed comments my life would be so much simpler.

