firewalld override subnet rule for a particular IP

Question

I would like to allow some ports from a network, and more ports from an IP of this network. I am not sure how to do it. Is it possible to have something like this in my custom zone.xml ?

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <rule family="ipv4">
    <source address="192.168.0.100"/>
    <service name="nrpe"/>
    <service name="ssh"/>
  </rule>
  <source address="192.168.0.0/24"/>
  <service name="ssh"/>
</zone>

It means I want to open ssh for all 192.168.0.0 network and open ssh and nrpe from 192.168.0.100. It seems we can't have more than one element in a rich rule.

Thanks in advance,

B.

score 0 · Answer 1 · answered Aug 19 '21 at 08:19

I found how to do it. I have to split in 2 parts rich rules :

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <rule family="ipv4">
    <source address="192.168.0.100"/>
    <service name="ssh"/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.100"/>
    <service name="nrpe"/>
  </rule>
  <source address="192.168.0.0/24"/>
  <service name="ssh"/>
</zone>

B.

firewalld override subnet rule for a particular IP

1 Answers1