Configuring firewalld (Rocky linux 9)

Question

After much pain I managed to configure firewalld so that I only allow specific services to given IP-numbers.

Now I want to give access to all IPs to https/447. But I don't know how to do that. My current configuration is listed below.

# firewall-cmd --get-active-zones
customzone
  sources: ipset:Trusted_IP_all
drop
  interfaces: enp0s31f6

The drop zone:

# more drop.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>Drop</short>
  <description>Unsolicited incoming network packets are dropped.</description>
  <forward/>
</zone>

And the customzone:

# more customzone.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>Custom Zone Configuration</short>
  <description>All incoming connections are blocked by default. </description>
  <service name="ssh"/>
  <service name="http"/>
  <service name="https"/>
  <source ipset="Trusted_IP_all"/>
</zone>

The "Trusted_IP_all" contain a selected few IP-nr/ranges

score 0 · Answer 1 · answered Jun 07 '23 at 13:18

0

It sounds like you want to open port 447/tcp.

# firewall-cmd --permanent --zone customzone --add-port 447/tcp

answered Jun 07 '23 at 13:18

erig

131
1
3

Configuring firewalld (Rocky linux 9)

1 Answers1