0

I have a RedHat 7 server where we allow a few ports, but one of them is insecure. I would like to use firewall-cmd to lock that port down so that only 5 IPs can access it. Do I need to make a new zone for just that port?

Brill

2 Answers

0

Not exactly: You make a new zone for the source IP addresses. Then you allow that port in the new zone.

Michael Hampton
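
The source-zone approach from the answer above, written out as an added example (not code from either answerer): a shell function that validates the allowed IPv4 addresses and prints the `firewall-cmd` calls for review before anything is changed. The zone name `restricted`, the port `8443/tcp` and the 192.0.2.x addresses are constructed placeholders, and it assumes the port was opened in the `public` zone with `--add-port`.

```shell
#!/bin/sh
# Added example: print the firewall-cmd calls for a source-based zone.
# Zone name, port and addresses below are constructed sample values.

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: restrict_port ZONE PORT/PROTO IP...
# Prints one command per line. Every address is checked first, so a bad
# entry produces no output at all rather than a half-built rule set.
restrict_port() {
    zone=$1 port=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "no source addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --new-zone=$zone"
    for ip in "$@"; do
        # Binding a source to the zone routes that client's traffic to it.
        echo "firewall-cmd --permanent --zone=$zone --add-source=$ip/32"
    done
    echo "firewall-cmd --permanent --zone=$zone --add-port=$port"
    # Close the port for everyone else (assumes it was opened in "public").
    echo "firewall-cmd --permanent --zone=public --remove-port=$port"
    # --permanent edits only take effect after a reload.
    echo "firewall-cmd --reload"
    echo "firewall-cmd --zone=$zone --list-all"
}

# Dry run: review the printed commands, then run them as root.
restrict_port restricted 8443/tcp \
    192.0.2.10 192.0.2.11 192.0.2.12 192.0.2.13 192.0.2.14
```
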
0

First you must make sure you can access it another way in case you make a mistake.

Add your 5 rules:

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="AA.BB.CCC.DDD/32" service name="ssh" log prefix="ssh" level="info" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="AA.BB.CCC.DDD/32" service name="ssh" log prefix="ssh" level="info" accept'

After that:

firewall-cmd --complete-reload

Check:

firewall-cmd --list-all-zones

Remove access to port 22 and the ssh service:

firewall-cmd --permanent --zone=public --remove-port=22/tcp
firewall-cmd --permanent --zone=public --remove-service=ssh
EchoMike444