I'm on a Red Hat 7 machine, and I need to open all ports to a specific IP on the firewall.
I tried this command:
firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="64.39.96.0/20" port protocol="tcp" port="*" accept'
But I'm getting an invalid port error for the *.
Does anyone know how to do this correctly?
Use a firewalld zone for this. Zones can be specified either by interface or by source IP address.
In fact, by default, a zone which accepts all traffic already exists, and it is named trusted. By default, though, nothing is in this zone. So, you don't even need to create a zone, just add the IP address to the trusted zone.
In addition to CIDR ranges, you can specify single IP addresses or ipset names prefixed with "ipset:".
After this, all traffic from the specified addresses will be allowed on any port. Remember to make it permanent, either by repeating the command with --permanent appended, or by running firewall-cmd --runtime-to-permanent.
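An added example, not part of the answer above, that wraps the zone approach in a small POSIX shell script: it validates the source as one of the three forms firewalld accepts (single IPv4, IPv4 CIDR, or an "ipset:" reference), adds it to the trusted zone, persists the change with --runtime-to-permanent, and lists the zone's sources as a check. FIREWALL_CMD is an assumed override variable so the script can be dry-run with echo; everything else uses firewall-cmd options that exist on RHEL 7.

```shell
#!/bin/sh
# Added example: put a source into the built-in "trusted" zone, which accepts
# all traffic from it on every port, then persist the change.
# FIREWALL_CMD is an assumed override so the logic can be dry-run with "echo".
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Accept the source forms firewalld takes: a single IPv4 address, an IPv4
# CIDR range, or an ipset reference prefixed with "ipset:". Anything else
# (for instance "*") is rejected before firewall-cmd ever sees it.
valid_source() {
    case "$1" in
        ipset:[A-Za-z0-9_.-]*) return 0 ;;
    esac
    # dotted quad with an optional /0 .. /32 prefix length
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    # every octet must be <= 255
    ip="${1%%/*}"
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    for o in "$1" "$2" "$3" "$4"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Runtime change first, then copy it to the permanent configuration, then
# list the zone's sources so the caller can see the source was recorded.
# Because trusted allows everything, keep its source list as narrow as possible.
trust_source() {
    valid_source "$1" || { echo "invalid source: $1" >&2; return 1; }
    "$FIREWALL_CMD" --zone=trusted --add-source="$1" || return 1
    "$FIREWALL_CMD" --runtime-to-permanent || return 1
    "$FIREWALL_CMD" --zone=trusted --list-sources
}
```

Run as root with the source as the only argument, e.g. trust_source 64.39.96.0/20; with FIREWALL_CMD=echo it only prints the commands it would run.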
AFAIK the port can either be a single port number (123) or a port range (123-456), and * is not a valid input. Not specifying any specific port number/range will match any port.