
I wanted to create a zone named "bad" with target=reject and source=10.100.0.0/24, which will basically reject all traffic from that subnet in the zone.

Now, if I want to allow traffic to SSH from that subnet, how can I do that?

I tried adding the SSH service to the "bad" zone but no luck; then I tried to add a rich rule, no luck...

I tried to do what a firewall would normally do, which is denying all requests that didn't match any rule...

Thanks

DJYod
  • First of all, I think you meant the network with the following CIDR notation `10.100.0.0/16`. Show more details please. We need something like `firewall-cmd --zone=$(firewall-cmd --get-default-zone) --list-services`. What does this return? Subsequently, you could add the ssh service using `firewall-cmd --zone=$(firewall-cmd --get-default-zone) --add-service=ssh`. Without more details, it's hard to troubleshoot the problem – Valentin Bajrami Sep 01 '16 at 20:44
  • CentOS 6 or 7? It makes a difference, at least for stock CentOS, because of the move from `iptables` to `firewalld` (at least, I think that's what it's called; I cordially dislike systemd, so have steered clear of C7 so far). – MadHatter Sep 02 '16 at 07:33

2 Answers


Would something like this work? I'm frankly not sure if this covers your situation or not. It seems like it would, but I've not tested it. This would be if you wanted to, say, allow incoming ssh connections from 15.15.15.0/24.

# accept new and established SSH connections from the subnet
sudo iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# allow the replies of established SSH sessions back out
sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Source: https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands

Neil Anuskiewicz

firewall-cmd --permanent --new-zone=bad

# source must come before service in a rich rule
firewall-cmd --permanent --zone=bad --add-rich-rule='rule family="ipv4" source address="10.100.0.0/24" service name="ssh" accept'

# the option is --set-default-zone; it is a runtime and permanent change
firewall-cmd --set-default-zone=bad

firewall-cmd --reload

gloom700
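As an added illustration, not from either answer: a small Python model of the zone the question describes (a zone bound to the source 10.100.0.0/24, target REJECT, with ssh as the only allowed service). It renders the zone in firewalld's zone XML format, which is what `--permanent --new-zone`, `--add-source`, `--add-service` and `--set-target` write under /etc/firewalld/zones/, and shows the verdict firewalld reaches for a packet: because the zone is bound to a source, it matches traffic from that subnet ahead of interface zones, so it does not have to be the default zone. The dictionary layout and the `zone_verdict` helper are this example's own constructs, not a firewalld API.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed example: the "bad" zone from the question. In zone XML firewalld
# spells a reject target as "%%REJECT%%"; "ACCEPT" and "DROP" are literal.
BAD_ZONE = {
    "name": "bad",
    "target": "REJECT",
    "sources": ["10.100.0.0/24"],
    "services": {"ssh": [("tcp", 22)]},  # service name -> ports it opens
}

XML_TARGETS = {"ACCEPT": "ACCEPT", "REJECT": "%%REJECT%%", "DROP": "DROP"}


def zone_xml(zone: dict) -> str:
    """Render the zone as firewalld zone XML (/etc/firewalld/zones/<name>.xml)."""
    root = ET.Element("zone", target=XML_TARGETS[zone["target"]])
    ET.SubElement(root, "short").text = zone["name"]
    for src in zone["sources"]:
        ET.SubElement(root, "source", address=src)
    for svc in zone["services"]:
        ET.SubElement(root, "service", name=svc)
    return ET.tostring(root, encoding="unicode")


def zone_verdict(zone: dict, src_ip: str, proto: str, port: int):
    """What this zone does with a packet.

    Returns None when the source is not bound to the zone (another zone
    decides), "ACCEPT" when the packet hits a listed service, and otherwise
    the zone target, which is what rejects everything else from the subnet.
    """
    ip = ipaddress.ip_address(src_ip)
    if not any(ip in ipaddress.ip_network(s) for s in zone["sources"]):
        return None
    for ports in zone["services"].values():
        if (proto, port) in ports:
            return "ACCEPT"
    return zone["target"]


if __name__ == "__main__":
    print(zone_xml(BAD_ZONE))
    for probe in [("10.100.0.7", "tcp", 22), ("10.100.0.7", "tcp", 80),
                  ("192.168.1.5", "tcp", 22)]:
        print(probe, "->", zone_verdict(BAD_ZONE, *probe))
```

Compare the rendered XML with `firewall-cmd --permanent --zone=bad --list-all` (or the file under /etc/firewalld/zones/) after running the answer's commands plus `--add-source=10.100.0.0/24`; the verdicts are the behaviour to expect once the zone is reloaded.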