--- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
firewalld: whitelisting/blacklisting addresses allowed to connect to a service/port with ipset
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: firewalld: whitelisting/blacklisting addresses allowed to connect to a service/port with ipset
- From: Kenneth Porter <shiva@xxxxxxxxxxxxxxx>
- Date: Wed, 05 Jul 2017 22:11:13 -0700
I'm trying to figure out how to use firewalld on CentOS 7 to block access
to ssh (on a custom port to control log bloat) and smtp submission except
for specific source addresses, using ipset. I haven't been able to figure
out how to combine a port number or service name with an ipset, either as a
blacklist of nets or a whitelist of addresses. It looks like ipset with
type of "hash:net,port" might work but the current version of firewalld on
C7 doesn't support that type. I fear I'm going to have to write a direct
rule. Has anyone combined ipset with a port to achieve this? I tried a rich
rule but I can't specify both an ipset and a port as the source value.
- Prev by Date: Sound stopped working from internal speaker in CentOS 7.2 (intel-hda) and is still broken.
- Next by Date: Virtual IP
- Previous by thread: Sound stopped working from internal speaker in CentOS 7.2 (intel-hda) and is still broken.
- Next by thread: Virtual IP
- Index(es):
 |