I have a system that connects to the outside world. My use case is that I need to block external access and only allow a particular subnet for this system, without adding any external interfaces. Can I do this using firewall-cmd?
I need to allow access to a particular subnet.
The rest of the connectivity to/from this node should be blocked. Any suggestions are highly appreciated.
So before I add edits to this, I read that firewall-cmd can only be used to block external traffic; for my use case I need this to apply to external access from my host and only allow access to a particular host.
P.S.
- Block all outgoing traffic including ping/icmp
- Allow only my traffic to reach a particular subnet (e.g. 10.8.180.0/24) which has a proxy to reach the external services
I have read about rich rules to do the same but am unable to get the results:
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="10.10.10.189" port port=5000 protocol=tcp accept'
But I'm not sure how to block other ports; this system should only contact 10.10.10.189 and nothing else. Any help is appreciated.
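As an added example (not from the original post): firewalld zones and rich rules only filter inbound traffic, so an outbound allowlist has to go on the OUTPUT chain via the direct interface. The script below prints the rule set for the post's example subnet 10.8.180.0/24 and applies it only when called with --apply; the ALLOWED_SUBNET variable and the function names are my own.

```shell
#!/bin/sh
# Added example, not the poster's code. Builds firewalld direct rules on the
# ipv4/ipv6 filter OUTPUT chains so this host can only open connections
# towards one subnet. Zones (and the --zone=public rich rule in the post)
# never see outgoing packets, which is why that rule changed nothing.
# Assumption: the proxy subnet is the post's example 10.8.180.0/24.
ALLOWED_SUBNET="${ALLOWED_SUBNET:-10.8.180.0/24}"

# Print the firewall-cmd invocations, one per line, in priority order.
# firewalld evaluates direct rules with a lower priority number first.
egress_allowlist_rules() {
    subnet="$1"
    cat <<EOF
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -d $subnet -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 3 -j DROP
firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 1 -j DROP
EOF
}
# Rule 1 keeps replies to already-accepted inbound sessions (your SSH login)
# flowing; new outbound flows, including ICMP echo, fall through to DROP
# unless they are destined for the subnet. IPv6 is dropped entirely because
# the allowlist is IPv4-only; otherwise traffic could leak over v6.

# Apply the generated rules and activate them with a reload.
apply_egress_allowlist() {
    command -v firewall-cmd >/dev/null 2>&1 || {
        echo "firewall-cmd not found" >&2
        return 1
    }
    egress_allowlist_rules "$ALLOWED_SUBNET" | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd   # unquoted on purpose: each line is a plain argv list
    done
    firewall-cmd --reload
    firewall-cmd --direct --get-all-rules   # show what is now active
}

case "${1:-}" in
    --apply) apply_egress_allowlist ;;
    *)       egress_allowlist_rules "$ALLOWED_SUBNET" ;;   # dry run: print the plan
esac
```

Later firewalld releases (0.9 and up) can express the same allowlist as a policy with ingress zone HOST, egress zone ANY and target DROP, which they prefer over direct rules; the direct rules above also work on older versions.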