
I'm on a Red Hat 7 machine, and I need to open all ports to a specific IP on the firewall.

I tried this command:

firewall-cmd --permanent --zone=public --add-rich-rule='   rule family="ipv4"   source address="64.39.96.0/20"   port protocol="tcp" port="*" accept'

But I'm getting an invalid port error for the *.

Does anyone know and can tell me how to do this correctly?

user99201

2 Answers


Use a firewalld zone for this. Zones can be specified either by interface or by source IP address.

In fact, by default, a zone which accepts all traffic already exists, and it is named trusted. By default, though, nothing is in this zone. So, you don't even need to create a zone, just add the IP address to the trusted zone.

firewall-cmd --zone=trusted --add-source=64.39.96.0/20

In addition to CIDR ranges, you can specify single IP addresses or ipset names prefixed with ipset:.

After this, all traffic from the specified addresses will be allowed on any port. Remember to make it permanent, either by repeating the command with --permanent appended, or by running firewall-cmd --runtime-to-permanent.

Michael Hampton

AFAIK the port can either be a single port number (123) or a port range (123-456), and * is not a valid input.

Not specifying any specific port number/range will match any port.

HBruijn
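Putting both answers together, here is an added example (not code from either answerer or from the firewalld project) as a POSIX shell script. It validates the three source forms the first answer lists (single IPv4 address, CIDR range, ipset:name), applies the trusted-zone approach and confirms the source landed in the zone, and, for the second answer, builds the corrected rich rule with the port element simply left out. The FIREWALL_CMD variable and the function names are assumptions of this script; the rich-rule form source ipset="name" is assumed to be available on the firewalld version shipped with RHEL 7.

```shell
#!/bin/sh
# Added example, not from the original post. Allow all traffic from a source
# either by putting it in firewalld's built-in "trusted" zone or by a rich
# rule with no port element. FIREWALL_CMD is an assumption of this script
# (set it to "sudo firewall-cmd", or to a stub function for dry runs); it is
# deliberately left unquoted so that it may carry a prefix such as sudo.
set -eu
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Accept the forms --add-source takes: IPv4 address, IPv4 CIDR, or ipset:<name>.
validate_source() {
  src=$1
  case "$src" in
    ipset:) return 1 ;;
    ipset:*)
      case "${src#ipset:}" in *[!A-Za-z0-9_.-]*) return 1 ;; esac
      return 0 ;;
  esac
  case "$src" in
    */*) ip=${src%%/*}; prefix=${src#*/} ;;
    *)   ip=$src;        prefix=32 ;;
  esac
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  case "$ip" in ''|.*|*.|*..*|*[!0-9.]*) return 1 ;; esac
  oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# First answer: add the source to the trusted zone, persist it, and check
# that the runtime and permanent configurations both now list it.
trust_source() {
  src=$1
  validate_source "$src" || { echo "invalid source: $src" >&2; return 1; }
  $FIREWALL_CMD --zone=trusted --add-source="$src" || return 1
  $FIREWALL_CMD --runtime-to-permanent || return 1
  $FIREWALL_CMD --zone=trusted --list-sources | tr ' ' '\n' | grep -qxF -- "$src" || return 1
  $FIREWALL_CMD --permanent --zone=trusted --list-sources | tr ' ' '\n' | grep -qxF -- "$src"
}

# Second answer: the rich rule from the question with the port element
# dropped, which matches every port. ipset sources use "source ipset=".
rich_rule_for() {
  case "$1" in
    ipset:*) printf 'rule family="ipv4" source ipset="%s" accept\n' "${1#ipset:}" ;;
    *)       printf 'rule family="ipv4" source address="%s" accept\n' "$1" ;;
  esac
}

allow_all_rich_rule() {
  src=$1
  validate_source "$src" || { echo "invalid source: $src" >&2; return 1; }
  rule=$(rich_rule_for "$src")
  $FIREWALL_CMD --permanent --zone=public --add-rich-rule="$rule" || return 1
  $FIREWALL_CMD --reload || return 1
  $FIREWALL_CMD --zone=public --list-rich-rules | grep -qxF -- "$rule"
}

# Usage: ./trust.sh 64.39.96.0/20   (zone approach, as in the accepted answer)
if [ $# -gt 0 ]; then
  trust_source "$1"
fi
```

The trusted-zone route is the simpler of the two: firewalld evaluates source-bound zones before interface-bound ones, so once the range is bound to trusted it is accepted regardless of which zone the interface sits in. The rich-rule route keeps the traffic inside the public zone and is the one to use if you only want to relax that zone.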