As the title says: our CentOS system should in principle be accessible by everyone, but we have to block a range with a lot of unwanted activities (say 45.0.0.0/8), and then we want to allow a sub-range (say 45.91.0.0/16) because that range belongs to a client.
I could give you the settings I already tried in firewalld, but the mistakes I made are likely to distract you too much... I'll list therefore the two zones I created:
firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client domino http https smtp ssh websockets
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="135.181.173.14" reject
firewall-cmd --zone=drop --list-all
drop (active)
target: DROP
icmp-block-inversion: no
interfaces:
sources: 45.0.0.0/8
services: domino http https smtp websockets
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="45.91.0.0/16" accept
How can this be accomplished in firewalld?
0 Answers