
Firewalld Limit Remote Source Connections

Created by dave. Last edited by dave, 5 years and 34 days ago.
(2019-02-14)

Problem

I have an internet-facing service that I want to restrict to a particular (set of) source address(es). The service can't do source-filtering on its own.

Solution

Define a new zone that includes the (set of) address(es) as valid sources, and add specific access rules there.

For example, to permit only 139.60.168.32 to access snmp:

# firewall-cmd --new-zone=snmp_monitors --permanent
# firewall-cmd --reload
# firewall-cmd --zone=snmp_monitors --add-source=139.60.168.32
# firewall-cmd --zone=snmp_monitors --add-service=snmp
# firewall-cmd --zone=snmp_monitors --add-service=snmp --permanent
# firewall-cmd --zone=snmp_monitors --add-source=139.60.168.32 --permanent

This presumes that the snmp service is not also allowed in whatever the default internet-facing zone is; if it is, sources outside snmp_monitors can still reach it through that zone.
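
One way to check that presumption, as an added example that is not part of the original note: the script below lists every zone other than the restricted one that also allows the service, in both the runtime and the permanent configuration. The function names and the FWCMD override are assumptions made for this example; it only looks at service entries, so a port rule such as 161/udp or a rich rule would need a separate check.

```shell
#!/bin/sh
# Added example: confirm SERVICE is allowed only in the source-restricted zone.
# FWCMD is an assumption of this example: it lets the command be swapped for a stub.
FWCMD=${FWCMD:-firewall-cmd}

# Print the default zone plus every active zone, one per line, de-duplicated.
# --get-active-zones prints zone names unindented, with indented
# "interfaces:" / "sources:" lines beneath each name.
candidate_zones() {
    {
        $FWCMD --get-default-zone
        $FWCMD --get-active-zones | grep -v '^[[:space:]]'
    } | sort -u
}

# leaking_zones SERVICE RESTRICTED_ZONE
# Prints "zone (runtime)" or "zone (permanent)" for each zone other than
# RESTRICTED_ZONE that also allows SERVICE. Returns 1 if any was found.
leaking_zones() {
    svc=$1 restricted=$2 found=0
    for zone in $(candidate_zones); do
        [ "$zone" = "$restricted" ] && continue
        if $FWCMD --zone="$zone" --query-service="$svc" >/dev/null 2>&1; then
            echo "$zone (runtime)"; found=1
        fi
        if $FWCMD --permanent --zone="$zone" --query-service="$svc" >/dev/null 2>&1; then
            echo "$zone (permanent)"; found=1
        fi
    done
    return "$found"
}

# Runs only when given two arguments, e.g.: sh check.sh snmp snmp_monitors
if [ "$#" -eq 2 ]; then
    if leaking_zones "$1" "$2"; then
        echo "OK: $1 is allowed only in zone $2"
    else
        echo "WARNING: $1 is also allowed in the zones listed above" >&2
        exit 1
    fi
fi
```
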
