Re: firewalld rule syntax




On 17 Nov 2015 17:30, "Nick Bright" <nick.bright@xxxxxxxxxx> wrote:
>
> On 11/17/2015 11:12 AM, Nick Bright wrote:
>>
>> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
>> firewall-cmd --zone=monitoring --add-service=snmp
>> firewall-cmd --zone=monitoring --add-interface=ens192
>> firewall-cmd --runtime-to-permanent
>
> I went ahead and tried this and found that the zone and service must first be created, which requires use of:
>
> firewall-cmd --new-zone=monitoring --permanent (--permanent is required)
> firewall-cmd --new-service=snmp
>
> edit /etc/firewalld/services/snmp.xml:
> <?xml version="1.0" encoding="utf-8"?>
> <service>
> <short>snmp</short>
> <description>Simple Network Management Protocol</description>
> <port port="161" protocol="udp" />
> </service>
>
> firewall-cmd --reload
>
> However, at the end
> firewall-cmd --zone=monitoring --add-interface=ens192
>
> This results in a zone conflict. I'm not sure if it's even possible to have two zones on the interface.
>
>

A zone applies to a source network or interface.

Have a flick through:
https://www.hogarthuk.com/?q=node/9

Surprised SNMP isn't already defined as a service in
/usr/lib/firewalld/services .... Perhaps snmpd ? Don't have a system to
hand to check.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
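
The point of the reply above, that a zone is selected by source network or by interface, as a simplified Python model (an added example, not part of the thread and not firewalld's own code). It assumes ens192 is already bound to a zone named public and that source bindings are checked before interface bindings; ZoneTable, ZoneConflict and the address 5.6.7.8 are constructed for illustration.

```python
import ipaddress


class ZoneConflict(Exception):
    """An interface or source is already bound to a different zone."""


class ZoneTable:
    """Simplified model of zone bindings; not firewalld's implementation."""

    def __init__(self, default_zone):
        self.default_zone = default_zone
        self.interfaces = {}  # interface name -> zone name
        self.sources = {}     # ip_network -> zone name

    def _bind(self, table, key, zone):
        owner = table.get(key)
        if owner is not None and owner != zone:
            raise ZoneConflict(f"{key} is already bound to zone {owner}")
        table[key] = zone

    def add_interface(self, zone, iface):
        self._bind(self.interfaces, iface, zone)

    def add_source(self, zone, cidr):
        self._bind(self.sources, ipaddress.ip_network(cidr), zone)

    def zone_for(self, src_ip, iface):
        """Source bindings are checked first, then the interface, then the default."""
        addr = ipaddress.ip_address(src_ip)
        for net, zone in self.sources.items():  # overlapping sources are not modelled
            if addr in net:
                return zone
        return self.interfaces.get(iface, self.default_zone)


def demo():
    table = ZoneTable(default_zone="public")
    table.add_interface("public", "ens192")       # assumption: ens192 already sits in "public"
    table.add_source("monitoring", "1.2.3.4/32")  # source binding from the thread
    try:
        table.add_interface("monitoring", "ens192")
        conflict = False
    except ZoneConflict:
        conflict = True
    # 5.6.7.8 is a constructed address standing in for any other host
    return conflict, table.zone_for("1.2.3.4", "ens192"), table.zone_for("5.6.7.8", "ens192")


if __name__ == "__main__":
    print(demo())
```

In this model the source binding alone places traffic from 1.2.3.4 in the monitoring zone, so the interface does not have to be added to it.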


