On 27/02/2019 14.44, Patrick Shanahan wrote:
* Patrick Shanahan <> [02-27-19 08:38]:
* Carlos E. R. <> [02-27-19 06:22]:
...
My setup is not simple.
My desktop firewall opens certain ports to only certain IPs, so that a visitor would not get automatic access. I don't see that feature in firewalld.
firewall-cmd --list-all-zones
firewall-cmd --zone=public --add-port=12345/tcp --permanent
firewall-cmd --zone=public --remove-port=12345/tcp --permanent
https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-...
https://firewalld.org/documentation/
perhaps you need to look further (cmds are single lines):
Deny IPv4 traffic over TCP from host 192.168.1.10 to port 22.
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.10" port port=22 protocol=tcp reject'
Yes, this is it - but in allow mode :-) Thanks for the find :-)
Allow IPv4 traffic over TCP from host 10.1.0.3 to port 80, and forward it locally to port 6532.
firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=10.1.0.3 forward-port port=80 protocol=tcp to-port=6532'
Forward all IPv4 traffic on port 80 to port 8080 on host 172.31.4.2 (masquerade should be active on the zone).
firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 forward-port port=80 protocol=tcp to-port=8080 to-addr=172.31.4.2'
So, rich rules...

-- 
Cheers / Saludos,
Carlos E. R.
(from 15.0 x86_64 at Telcontar)
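
Added example, not part of the original messages: the "allow mode" form of the reject rule quoted above, generated from a small allow-list as a dry run. The zone name, the allow-list entries and all function names are assumptions made for illustration; the script only prints `firewall-cmd` commands and does not run them.

```sh
# Added example: dry-run generator for "allow only this source" rich rules.
# ZONE and the allow-list entries at the bottom are constructed sample values.
ZONE="public"

# IPv4 address with optional /prefix; runs in a subshell so IFS stays local.
valid_ipv4() (
    addr=${1%%/*}
    case "$addr" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    case "$1" in */*)
        pfx=${1#*/}
        case "$pfx" in ""|*[!0-9]*|???*) exit 1 ;; esac
        [ "$pfx" -le 32 ] || exit 1 ;;
    esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

valid_port() {
    case "$1" in ""|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich rule for one source/port/protocol, or fail on bad input.
build_allow_rule() {
    valid_ipv4 "$1" || { echo "rejected source: $1" >&2; return 1; }
    valid_port "$2" || { echo "rejected port: $2" >&2; return 1; }
    case "$3" in tcp|udp) ;; *) echo "rejected protocol: $3" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' "$1" "$2" "$3"
}

# Read "source port protocol" lines on stdin; print commands, never run them.
emit_commands() {
    status=0
    while read -r src port proto; do
        case "$src" in ""|"#"*) continue ;; esac
        rule=$(build_allow_rule "$src" "$port" "$proto") || { status=1; continue; }
        printf "firewall-cmd --permanent --zone=%s --add-rich-rule='%s'\n" "$ZONE" "$rule"
    done
    return "$status"
}

# Constructed allow-list; the last entry is deliberately invalid.
sample_allowlist() { printf '%s\n' '192.168.1.10 22 tcp' '192.168.1.0/24 8080 tcp' '192.168.1.300 22 tcp'; }
sample_allowlist | emit_commands || echo "some entries were rejected" >&2
```

An accept rule like this restricts access only if the same port or service is not also opened for the whole zone with `--add-port` or `--add-service`; after adding permanent rules, `firewall-cmd --reload` applies them.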