Hi,

On Mon, Jan 18, 2016 at 2:55 AM, James Hogarth <james.hogarth@xxxxxxxxx> wrote:
>
> On 17 Jan 2016 16:28, "Alex" <mysqlstudent@xxxxxxxxx> wrote:
>>
>> Hi,
>> I have a fedora23 system and just starting to learn how firewalld
>> works. None of the documentation really discusses how to add rules
>> from a specific source (the -s option with iptables).
>>
>> Is this not what firewalld was intended to do?
>>
>> How do I restrict access to ssh or dns only from specific remote IP
>> addresses?
>>
>
> Create a zone for that source network and then apply the rules to that.
>
> Have a read of this and see if it helps clear a few things up:
>
> https://www.hogarthuk.com/?q=node/9

Okay, that's interesting. So it's possible to apply multiple zones to
a single interface? How would you suggest I structure that? In other
words, create a "ssh" zone where the only service is ssh, then add all
the source addresses that are permitted to ssh to my host to that
zone?

I'm trying to do the iptables equivalent of:

-A INPUT -s 192.168.1.0/24,192.168.10.0/24 -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A INPUT -s 192.168.1.0/24,192.168.10.0/24 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

You've provided some great examples at the end, but any guidance on
how to get started with what I've written above would be appreciated.

Do you know if firewalld works with NetworkManager properly in fc23?
I'm now learning that because I use kvm/qemu for virtual machines, and
apparently must disable NetworkManager still, that I can't also use
firewalld. I learned this from an older article, but I've been having
problems with NetworkManager and bridges and thought it might be
related.

Thanks,
Alex
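
The source-zone approach suggested in the quoted reply, applied to the two iptables rules in the message, as an added example that is not part of the original thread. The zone name `mailweb` and the helper function `source_zone_cmds` are assumptions made for illustration; the source networks and ports are the ones from the rules above.

```shell
#!/bin/bash
# Added example (not from the thread): emit the firewall-cmd calls that
# bind a zone to source networks and open ports only in that zone.
# "mailweb" and source_zone_cmds are hypothetical names.

# Prints the commands instead of running them, so they can be reviewed
# first; pipe the output to "sh" as root to apply them.
source_zone_cmds() {
    zone=$1; sources=$2; ports=$3
    # Validate before printing anything, so a typo or stray shell
    # metacharacter never reaches the permanent configuration.
    for s in $sources; do
        echo "$s" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' \
            || { echo "bad source: $s" >&2; return 1; }
    done
    for p in $ports; do
        echo "$p" | grep -Eq '^[0-9]{1,5}/(tcp|udp)$' \
            || { echo "bad port: $p" >&2; return 1; }
    done
    # A new zone can only be created in the permanent configuration.
    echo "firewall-cmd --permanent --new-zone=$zone"
    # Packets from these sources are handled by this zone, whatever
    # interface they arrive on.
    for s in $sources; do
        echo "firewall-cmd --permanent --zone=$zone --add-source=$s"
    done
    for p in $ports; do
        echo "firewall-cmd --permanent --zone=$zone --add-port=$p"
    done
    # Load the permanent configuration, then show the resulting zone.
    echo "firewall-cmd --reload"
    echo "firewall-cmd --zone=$zone --list-all"
}

# Sources and ports taken from the iptables rules in the message.
source_zone_cmds mailweb "192.168.1.0/24 192.168.10.0/24" "993/tcp 443/tcp"
```

The restriction only holds if 993/tcp and 443/tcp are not also open in the zone bound to the interface, because traffic from any other source is handled by that zone.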