Let’s say that I want to allow access to an iperf3 server on ports 5201/tcp|5201/udp from any source, i.e. from any subnet on our WAN.
At the same time, I want to restrict access to an rsyncd service on port 873/tcp|873/udp to only the LAN subnet, e.g. 192.168.1.0/24.
How do I go about doing that?
Do I have to create a zone with a --add-source=192.168.1.0/24 and add the rsyncd service to that zone?
Or do I have to add the interface to the public zone and add the iperf3 service to that?
Or do I need to add a destination= to the rsyncd.xml profile?
Or should I go about this some other way?
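
One way to lay this out, as an added example that is not part of the original post: a source-bound zone for the LAN subnet carries rsyncd, and the interface zone carries only the iperf3 ports. Assumptions: the zone name `lan` and the helper names `firewalld_plan` and `apply_firewalld_plan` are hypothetical, and the WAN-facing interface is already bound to the `public` zone. Port 5201 is listed in both zones because firewalld matches source bindings before interface bindings, so LAN hosts are evaluated against the `lan` zone.

```shell
#!/bin/sh
# Added example (not from the original post). Zone name "lan" and the
# function names are hypothetical; "public" is assumed to hold the interface.

# Print the firewall-cmd sequence without running anything.
# Usage: firewalld_plan [LAN_CIDR] [LAN_ZONE] [WAN_ZONE]
firewalld_plan() {
    lan_cidr="${1:-192.168.1.0/24}"
    lan_zone="${2:-lan}"
    wan_zone="${3:-public}"

    # The plan is later piped to a shell, so reject anything that is not
    # a plain address/prefix or a plain zone name.
    case "$lan_cidr" in
        ""|*[!0-9A-Fa-f.:/]*) echo "bad CIDR: $lan_cidr" >&2; return 2 ;;
    esac
    case "$lan_zone$wan_zone" in
        ""|*[!A-Za-z0-9_-]*) echo "bad zone name" >&2; return 2 ;;
    esac

    cat <<EOF
firewall-cmd --permanent --new-zone=${lan_zone}
firewall-cmd --permanent --zone=${lan_zone} --add-source=${lan_cidr}
firewall-cmd --permanent --zone=${lan_zone} --add-service=rsyncd
firewall-cmd --permanent --zone=${lan_zone} --add-port=5201/tcp
firewall-cmd --permanent --zone=${lan_zone} --add-port=5201/udp
firewall-cmd --permanent --zone=${wan_zone} --add-port=5201/tcp
firewall-cmd --permanent --zone=${wan_zone} --add-port=5201/udp
firewall-cmd --permanent --zone=${wan_zone} --remove-service=rsyncd
firewall-cmd --reload
EOF
}

# Run the plan: -e stops at the first failing command, -x echoes each one.
apply_firewalld_plan() {
    plan="$(firewalld_plan "$@")" || return $?
    printf '%s\n' "$plan" | sh -ex
}
```

Review the output of `firewalld_plan` before running `apply_firewalld_plan`, which needs root and stops at the first failing command, for example when the zone already exists.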