If you want to restrict a zone to a specific set of IPs, simply define those IPs as sources for the zone itself (and remove any interface definition that may be present, as they override source IPs). 123 my intention was that if a source is not listed, it should not be able to reach any service or port I just created this: # firewall-cmd -zone=encrypt -list-allīut i can still reach port 6000 from. The problem above is that this is not a real list, it will block everything since if its one address its blocked by not being the same as the other, generating an accidental "drop all" effect, how would i "unblock" a specific non contiguous set? does source accept a list of addresses? i have not see anything in my look at the docs or google result so far. So the end result would be no other machine can access any port or protocol, except those explicitly allowed, sort of a mix of -add-rich-rule='rule family="ipv4" source not address="192.168.56.120" drop' On a linux networked machine, i would like to restrict the set of addresses on the "public" zone (firewalld concept), that are allowed to reach it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |