I am trying to get a handle on firewalld... I can't actually see right off how to limit access to services to certain sources. For example, on a single-interface server, I want to limit access to SSH and SNMP to some "management" networks. With iptables, I might have:
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :mgmt - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp --syn --dport http -j ACCEPT -A INPUT -p tcp --syn --dport ssh -j mgmt -A INPUT -p udp --dport snmp -j mgmt -A mgmt -s 10.0.0.0/24 -j ACCEPT -A mgmt -s 10.1.0.0/24 -j ACCEPT -A mgmt -p tcp -j REJECT --reject-with tcp-reset -A mgmt -j DROP That means a couple of subnets can reach whatever management services I declare, the rest of the network cannot, and HTTP is just wide open. I set a bunch of different documents talking about assigning interfaces and services to zones, but nothing that tells me how to use those zones to do something useful. -- Chris Adams <li...@cmadams.net> _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
