Hi, I have a fedora23 system and just starting to learn how firewalld works. None of the documentation really discusses how to add rules from a specific source (the -s option with iptables). Is this not what firewalld was intended to do? How do I restrict access to ssh or dns only from specific remote IP addresses? I've found the "rich" rules, but if I have to create rules at the port level without any association to the service, then I don't understand the point of using it. In other words, it appears necessary to add additional manual rules, while also having to "--add-service=dns" instead of the dns service taking care of it all in the first place. In other words, to create a "rich" rule for dns, it appears necessary to do: firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port=53 protocol="tcp" accept' --permanent firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port=53 protocol="udp" accept' --permanent and that also doesn't provide the ability to control the "state" of the packets. Thanks for any ideas. Alex -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org