I found this link regarding how to set up a blacklist XML file for firewalld: ipset instructions. Clear enough, but I don't want to drop access for all ports, just 80 and 443. Suggestions? (BTW the firewalld forum doesn't seem to be adding new users.)
1 Answers
2
Initialize the blacklist ipset just as in the link you mentioned, but instead of using
firewall-cmd --add-rich-rule='rule source ipset=blacklist drop'
to tie the blacklist to the rest of the ruleset, use something like this:
firewall-cmd --add-rich-rule='rule source ipset=blacklist service name="http" drop'
firewall-cmd --add-rich-rule='rule source ipset=blacklist service name="https" drop'
I've found that Fedora has a nice document on firewalld rich rules.

telcoM
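The procedure from the answer above as one script, added here as an example and not part of the original answer. The set name `blacklist`, the `hash:net` type, the set-creation commands and the sample addresses are assumptions; the script prints the commands by default and runs them only with `APPLY=1`.

```shell
#!/bin/sh
# Added example, not from the original answer. The set name "blacklist", the
# hash:net type and the sample addresses are assumptions.

# Print the firewall-cmd call by default; execute it only when APPLY=1.
fw() {
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd "$@"
        return
    fi
    printf 'firewall-cmd'
    for a in "$@"; do
        case $a in
            *' '*) printf " '%s'" "$a" ;;   # quote arguments containing spaces
            *)     printf ' %s' "$a" ;;
        esac
    done
    printf '\n'
}

# Emit the rich rule for one service, in the form used in the answer.
# Fails on names that could break out of the quoted service name.
rich_rule() {   # $1 = ipset name, $2 = firewalld service name
    case $2 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    printf 'rule source ipset=%s service name="%s" drop' "$1" "$2"
}

# Create the set, load its entries, then drop only the listed services.
blacklist_services() {   # $1 = ipset name, $2 = entries file, rest = services
    set_name=$1 entries=$2
    shift 2
    for svc in "$@"; do   # validate everything before changing anything
        rich_rule "$set_name" "$svc" >/dev/null ||
            { echo "bad service name: $svc" >&2; return 1; }
    done
    fw --permanent --new-ipset="$set_name" --type=hash:net
    fw --permanent --ipset="$set_name" --add-entries-from-file="$entries"
    for svc in "$@"; do
        fw --permanent --add-rich-rule="$(rich_rule "$set_name" "$svc")"
    done
    fw --reload
    fw --list-rich-rules   # review which rules reference the set after reload
}

# Constructed sample entries from the RFC 5737 documentation ranges.
entries_file=$(mktemp)
printf '%s\n' 192.0.2.10 198.51.100.0/24 203.0.113.7 > "$entries_file"
blacklist_services blacklist "$entries_file" http https
```

Because the rules match on service name, traffic from listed addresses to other ports (SSH, for example) is still evaluated by the rest of the zone's ruleset.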