gharris999
(Gordon harris)
1
Let’s say that I want to allow access to an iperf3 server on ports 5201/tcp|5201/udp from any source, i.e. from any subnet on our WAN.
At the same time, I want to restrict access to an rsyncd service on port 873/tcp|873/udp to only the LAN subnet, e.g. 192.168.1.0/24.
How do I go about doing that?
Do I have to create a zone with a --add-source=192.168.1.0/24 and add the rsyncd service to that zone?
Or do I have to add the interface to the public zone and add the iperf3 service to that?
Or do I need to add a destination= to the rsyncd.xml profile?
Or should I go about this some other way?
vgaetera
(Vladislav Grigoryev)
2
If you have multiple interfaces, assign them to different zones allowing services per zone.
Otherwise, use the rich rule syntax:
firewall-cmd --permanent --remove-service rsyncd
firewall-cmd --permanent --add-rich-rule="rule \
family=ipv4 source address=192.168.1.0/24 service name=rsyncd accept"
firewall-cmd --reload
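The full policy from the question, built around the rich rule in this reply, as an added example script that is not from the thread. It assumes firewall-cmd is installed, the WAN interface sits in the "public" zone, and the LAN is 192.168.1.0/24; iperf3 is opened by explicit port rather than a service definition.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes: firewall-cmd is installed,
# the WAN interface sits in the "public" zone, and the LAN is 192.168.1.0/24.
LAN_NET="192.168.1.0/24"
ZONE="public"

# Build the rich rule that limits a firewalld service to one IPv4 source subnet.
source_rule() {
    printf 'rule family=ipv4 source address=%s service name=%s accept' "$1" "$2"
}

# Open iperf3 to every source (explicit ports, so no iperf3 service file is needed),
# drop the zone-wide rsyncd service, and re-add rsyncd only for the LAN subnet.
apply_policy() {
    firewall-cmd --permanent --zone="$ZONE" --add-port=5201/tcp --add-port=5201/udp
    firewall-cmd --permanent --zone="$ZONE" --remove-service=rsyncd
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$(source_rule "$LAN_NET" rsyncd)"
    firewall-cmd --reload
}

# Check the runtime configuration after the reload; returns 1 if anything is off.
verify_policy() {
    firewall-cmd --zone="$ZONE" --query-port=5201/tcp || return 1
    firewall-cmd --zone="$ZONE" --query-port=5201/udp || return 1
    firewall-cmd --zone="$ZONE" --query-service=rsyncd && return 1
    firewall-cmd --zone="$ZONE" --query-rich-rule="$(source_rule "$LAN_NET" rsyncd)" || return 1
    firewall-cmd --zone="$ZONE" --list-all
}

case "${1:-}" in
    apply)  apply_policy && verify_policy ;;
    verify) verify_policy ;;
esac
```

Because the rule is family=ipv4, IPv6 clients cannot reach rsyncd at all once the zone-wide service is removed. A source-subnet match is only as trustworthy as the LAN behind it, so rsyncd's own `hosts allow` setting is still worth keeping.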
gharris999
(Gordon harris)
3
That looks perfect and very straightforward. I’ve been avoiding learning about rich rules out of sheer ignorance.
Thank you.