I'm trying to switch from using straight iptables to firewalld, but I'm not really "getting it" with how firewalld works. The documentation on firewalld.org doesn't really explain things to me.

On a server, I would typically restrict management access (SSH, SNMP) to certain subnets, and leave the other ports (HTTP, HTTPS) open with an iptables like below. What would be the easiest way to accomplish the same thing with firewalld?

************************************************************************
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:mgmt - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j mgmt
-A INPUT -p udp --dport 161 -j mgmt
-A mgmt -s xx.xx.xx.xx/xx -j ACCEPT
-A mgmt -s yy.yy.yy.yy/yy -j ACCEPT
-A mgmt -p tcp -j REJECT --reject-with tcp-reset
-A mgmt -j DROP
COMMIT
************************************************************************

-- 
Chris Adams <linux@xxxxxxxxxxx>
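
One way to express the policy asked about above in firewalld, as an added example that is not part of the original post: a source-bound zone for the management subnets plus an interface zone that only offers HTTP/HTTPS. The zone name "mgmt", the function name and the sample subnets are assumptions; the function prints the firewall-cmd sequence for review instead of running it.

```sh
#!/bin/sh
# Added example (not from the original post).
# Usage: mgmt_zone_cmds INTERFACE_ZONE CIDR [CIDR...]
# INTERFACE_ZONE is whatever `firewall-cmd --get-default-zone` reports.
mgmt_zone_cmds() {
    # Refuse to continue without a management subnet: the sequence removes
    # ssh from the interface zone, so an empty list would lock SSH out.
    if [ "$#" -lt 2 ]; then
        echo "usage: mgmt_zone_cmds INTERFACE_ZONE CIDR [CIDR...]" >&2
        return 1
    fi
    pub=$1
    shift
    fw="firewall-cmd --permanent"

    # "mgmt" is a hypothetical zone name. Binding sources to it makes
    # firewalld classify packets from those subnets into this zone first.
    echo "$fw --new-zone=mgmt"
    for cidr in "$@"; do
        echo "$fw --zone=mgmt --add-source=$cidr"
    done
    # Management hosts get SSH and SNMP; http/https are repeated here so
    # they do not depend on falling through to the interface zone.
    for svc in ssh snmp http https; do
        echo "$fw --zone=mgmt --add-service=$svc"
    done
    # Everyone else: web only. Unmatched traffic hits the zone's default
    # target (a reject), not the tcp-reset/DROP pair of the iptables chain.
    for svc in http https; do
        echo "$fw --zone=$pub --add-service=$svc"
    done
    echo "$fw --zone=$pub --remove-service=ssh"
    echo "firewall-cmd --reload"
}

# Constructed sample input (documentation address ranges).
mgmt_zone_cmds public 192.0.2.0/24 198.51.100.0/24
```

Unlike the iptables ruleset, whose INPUT policy is ACCEPT, the interface zone here only admits the services listed in it.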