Let’s say that I want to allow access to an iperf3 server on ports 5201/tcp|5201/udp from any source, i.e. from any subnet on our WAN.
At the same time, I want to restrict access to an rsyncd service on port 873/tcp|873/udp to only the LAN subnet, e.g. 192.168.1.0/24.
How do I go about doing that?
Do I have to create a zone with a --add-source=192.168.1.0/24 and add the rsyncd service to that zone?
Or do I have to add the interface to the public zone and add the iperf3 service to that?
Or do I need to add a destination= to the rsyncd.xml profile?
Or should I go about this some other way?
If you have multiple interfaces, assign them to different zones allowing services per zone.
Otherwise, use the rich rule syntax:
firewall-cmd --permanent --remove-service rsyncd
firewall-cmd --permanent --add-rich-rule="rule \
family=ipv4 source address=192.168.1.0/24 service name=rsyncd accept"
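The two-step recipe from the answer above (drop the zone-wide rsyncd allow, then add the source-restricted rich rule) as a complete script, plus the iperf3 half of the question. This is an added example, not the poster's commands; it assumes firewalld's bundled iperf3 and rsyncd service definitions, the public zone, and the 192.168.1.0/24 LAN from the question.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes: firewalld with its bundled
# iperf3 (5201/tcp+udp) and rsyncd service files, zone "public", LAN 192.168.1.0/24.
# Set FW_DRY_RUN=1 to print the firewall-cmd invocations instead of running them.

LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"
ZONE="${ZONE:-public}"

fw() {
    # Run firewall-cmd, or echo the command line when FW_DRY_RUN=1.
    if [ "${FW_DRY_RUN:-0}" = "1" ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

apply_policy() {
    # iperf3 from any source: a plain zone-level service entry is enough.
    fw --permanent --zone="$ZONE" --add-service=iperf3
    # rsyncd: remove the zone-wide allow first. If it stays, the rich rule
    # below changes nothing, because the unconditional service entry already
    # admits every source.
    fw --permanent --zone="$ZONE" --remove-service=rsyncd
    fw --permanent --zone="$ZONE" \
        --add-rich-rule="rule family=ipv4 source address=$LAN_SUBNET service name=rsyncd accept"
    # Permanent changes only take effect after a reload.
    fw --reload
}

# Check on the output of `firewall-cmd --zone=$ZONE --list-services`:
# the LAN-only restriction holds only while rsyncd is absent from the
# unconditional service list. Returns 0 when rsyncd is absent, 1 otherwise.
rsyncd_is_restricted() {
    for s in $1; do
        [ "$s" = "rsyncd" ] && return 1
    done
    return 0
}
```

After applying, compare `firewall-cmd --zone=public --list-services` and `--list-rich-rules`: rsyncd should appear only in the rich-rule output.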
That looks perfect and very straightforward. I’ve been avoiding learning about rich rules out of sheer ignorance.