I am trying to get a handle on firewalld... I can't actually see right off how to limit access to services to certain sources. For example, on a single-interface server, I want to limit access to SSH and SNMP to some "management" networks. With iptables, I might have: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :mgmt - [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp --syn --dport http -j ACCEPT -A INPUT -p tcp --syn --dport ssh -j mgmt -A INPUT -p udp --dport snmp -j mgmt -A mgmt -s 10.0.0.0/24 -j ACCEPT -A mgmt -s 10.1.0.0/24 -j ACCEPT -A mgmt -p tcp -j REJECT --reject-with tcp-reset -A mgmt -j DROP That means a couple of subnets can reach whatever management services I declare, the rest of the network cannot, and HTTP is just wide open. I set a bunch of different documents talking about assigning interfaces and services to zones, but nothing that tells me how to use those zones to do something useful. -- Chris Adams <linux@xxxxxxxxxxx> _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
