
firewalld driving me barmy.

  • 06-08-2014 3:10pm, post #1 (Registered Users, Posts: 1,775)


    Just setting up new RHEL7 box and trying to get my head around firewalld.

    Been using iptables for all my rules now for years and was quite happy.

    Typically I would setup a rule like this in /etc/sysconfig/iptables and restart the firewall.

    -A INPUT -s 10.10.1.0/24 -p tcp -m tcp --dport 22 -j ACCEPT -m comment --comment "private ssh for admin"

    Now with firewalld I have two choices

    1. Use a zone and a service
    firewall-cmd --permanent --add-service=ssh
    Looks good, but how do I customize the service definition to specify a source network?

    2. Use a direct rule such as this.
    firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -s 10.10.1.0/24 -j ACCEPT -m comment --comment "private ssh for admin"
    but when restarting firewalld I lose my rule. I'm unable to use --permanent in conjunction with --direct.

    If anyone has any advice on the best way to configure this it would be very welcome.


Comments

  • ressem (Registered Users, Posts: 2,426)


    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.1.0/24" service name="ssh" accept'
    

    which will add the rich rule into your default zone (/etc/firewalld/zones/) probably public.xml.
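
The following script is an added example, not something posted in this thread: it wraps the rich-rule approach above so the source network is checked for shape before it is handed to firewall-cmd, names the zone explicitly instead of relying on the default, and lists the zone afterwards so a mistake is visible straight away. It assumes firewalld's firewall-cmd is on PATH when run with DRY_RUN=0; by default (DRY_RUN=1) it only prints the commands it would run. The function names, the ZONE and DRY_RUN variables and the sample network 10.10.1.0/24 are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): validate a source network, build the
# firewalld rich rule for it, and apply it permanently to a named zone.
# Assumes firewall-cmd is available when DRY_RUN=0; DRY_RUN=1 (default) prints.

DRY_RUN="${DRY_RUN:-1}"
ZONE="${ZONE:-public}"

# valid_cidr NET: succeed only for a well-formed IPv4 network in a.b.c.d/len form.
valid_cidr() {
    net="$1"
    case "$net" in
        */*) ;;
        *) return 1 ;;
    esac
    addr="${net%/*}"
    plen="${net#*/}"
    case "$plen" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$plen" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.
    set -- $addr
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rich_rule NET SERVICE: print the rich rule allowing SERVICE only from NET.
rich_rule() {
    valid_cidr "$1" || { echo "bad IPv4 network: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" service name="%s" accept\n' "$1" "$2"
}

# run CMD...: execute the command, or just echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# allow_from NET SERVICE: add the rule to the permanent config, reload so the
# running firewall picks it up, then show what the zone now holds.
allow_from() {
    rule="$(rich_rule "$1" "$2")" || return 1
    run firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    run firewall-cmd --reload
    run firewall-cmd --zone="$ZONE" --list-rich-rules
}

# private ssh for admin: the "why" of the rule lives here, in the script.
allow_from 10.10.1.0/24 ssh
```

Because the permanent rule only reaches the running firewall after --reload, the final --list-rich-rules call is the quickest check that the source address and service are what you intended.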


  • Sebzy (Registered Users, Posts: 1,775)


    ressem wrote:
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.1.0/24" service name="ssh" accept'
    

    which will add the rich rule into your default zone (/etc/firewalld/zones/) probably public.xml.

    Thanks for that. Now if there was some way to embed comments my life would be so much simpler.

