Configuring firewalld (Rocky Linux 9)


After much pain I managed to configure firewalld so that I only allow specific services to given IP-numbers.

Now I want to give access to all IPs to https/447. But I don't know how to do that. My current configuration is listed below.

# firewall-cmd --get-active-zones
customzone
  sources: ipset:Trusted_IP_all
drop
  interfaces: enp0s31f6

The drop zone:

# more drop.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>Drop</short>
  <description>Unsolicited incoming network packets are dropped.</description>
  <forward/>
</zone>

And the customzone:

# more customzone.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>Custom Zone Configuration</short>
  <description>All incoming connections are blocked by default. </description>
  <service name="ssh"/>
  <service name="http"/>
  <service name="https"/>
  <source ipset="Trusted_IP_all"/>
</zone>

The "Trusted_IP_all" contains a selected few IP numbers/ranges.

Answer from erig:

It sounds like you want to open port 447/tcp.

# firewall-cmd --permanent --zone customzone --add-port 447/tcp
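As an added example (not part of the question or the answer), the following Python script models firewalld's zone lookup over the two zone files above: a packet is first matched against zone sources (here the Trusted_IP_all ipset), and only a packet matching no source falls through to the zone bound to its interface. The ipset contents, the service-to-port table and the open_port helper are constructed assumptions; the script lets you check which zone a given client lands in and whether 447/tcp is accepted after an --add-port in a given zone, before reloading on the real host.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed zone files mirroring the question's drop.xml and customzone.xml
# (XML declarations omitted), with the answer's 447/tcp port added to customzone.
ZONES_XML = {
    "drop": '<zone target="DROP"><short>Drop</short><forward/></zone>',
    "customzone": """<zone target="DROP">
  <short>Custom Zone Configuration</short>
  <service name="ssh"/><service name="http"/><service name="https"/>
  <port port="447" protocol="tcp"/>
  <source ipset="Trusted_IP_all"/>
</zone>""",
}
# Hypothetical contents of the Trusted_IP_all ipset, the interface binding from
# --get-active-zones, and a service table covering only the services used here.
IPSETS = {"Trusted_IP_all": [ipaddress.ip_network("203.0.113.0/24")]}
INTERFACE_ZONE = {"enp0s31f6": "drop"}
SERVICE_PORTS = {"ssh": ("22", "tcp"), "http": ("80", "tcp"), "https": ("443", "tcp")}

def parse_zone(xml_text):
    """Collect the (port, proto) pairs a zone accepts and the ipsets bound to it."""
    root = ET.fromstring(xml_text)
    allowed = {SERVICE_PORTS[s.get("name")] for s in root.findall("service")}
    allowed |= {(p.get("port"), p.get("protocol")) for p in root.findall("port")}
    ipsets = [s.get("ipset") for s in root.findall("source") if s.get("ipset")]
    return {"target": root.get("target"), "allowed": allowed, "ipsets": ipsets}

ZONES = {name: parse_zone(text) for name, text in ZONES_XML.items()}

def zone_for(src_ip, iface):
    """firewalld matches a packet's source against zone sources first; only a
    packet matching no source falls through to the zone bound to its interface."""
    ip = ipaddress.ip_address(src_ip)
    for name, zone in ZONES.items():
        if any(ip in net for ipset in zone["ipsets"] for net in IPSETS[ipset]):
            return name
    return INTERFACE_ZONE[iface]

def accepts(src_ip, iface, port, proto="tcp"):
    """True if the zone the packet lands in opens that port. A zone with target
    ACCEPT takes everything; the DROP targets here drop anything not listed."""
    zone = ZONES[zone_for(src_ip, iface)]
    return zone["target"] == "ACCEPT" or (str(port), proto) in zone["allowed"]

def open_port(zone_name, port, proto="tcp"):
    """Simulate `firewall-cmd --permanent --zone <zone> --add-port <port>/<proto>`."""
    ZONES[zone_name]["allowed"].add((str(port), proto))
```

With the port added only to customzone, a client outside the ipset still lands in the interface-bound drop zone; calling open_port("drop", 447) is what makes accepts() return True for such a client.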