From Boldcore's wiki
 
(2 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
<pre style="white-space: pre-wrap;">
 
<pre style="white-space: pre-wrap;">
firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public"
+
firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" reject' --permanent --zone="public"
 
</pre>
 
</pre>
  
 
NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy.
 
NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy.
 
So, only reverse proxy can access the web server.
 
So, only reverse proxy can access the web server.
 +
 +
Where:<br>
 +
Address 2a01:5f0:c001:106:59:0:2:6 is source address (reverse proxy)<br>
 +
Address 2a01:5f0:c001:106:59:0:2:30 is destination address (web server)<br>
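Review bot: the replacement rule line no longer carries the log level="info" action that the previous line had, so connections rejected by this rule will not be logged. If that was not intended, keep log level="info" before reject in the new rule. Changing "destination not address" to "destination address" agrees with the note that only the reverse proxy can reach the web server. The rule is limited to family="ipv6", so the added "Where:" text could also say that IPv4 traffic to port 443 is outside its scope.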

Latest revision as of 07:43, 12 March 2018

Firewalld rich rule example

Allow connections to a specific IP address and port only from a specified source IP address.

firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" reject' --permanent --zone="public"

NOTE: This rule is actually used here at Boldcore for communication between the web server and the reverse proxy, so only the reverse proxy can access the web server.

Where:
Address 2a01:5f0:c001:106:59:0:2:6 is the source address (reverse proxy)
Address 2a01:5f0:c001:106:59:0:2:30 is the destination address (web server)
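
One way to apply the rule above and confirm it is loaded, as an added example that is not part of the original wiki page: --permanent writes only the stored configuration, so the script reloads firewalld and then queries both the permanent and the runtime rule sets. The FWCMD variable and the function names are assumptions of this example; the addresses, zone and rule text are the page's.

```shell
#!/bin/sh
# Added example (not from the wiki page).
# FWCMD is an assumption: it lets the command be replaced for a dry run.
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="public"
PROXY="2a01:5f0:c001:106:59:0:2:6"    # reverse proxy (source address on the page)
WEB="2a01:5f0:c001:106:59:0:2:30"     # web server (destination address on the page)

# Compose the rich rule exactly as the page gives it.
# $1 = only source allowed through, $2 = protected destination.
rich_rule() {
    printf 'rule family="ipv6" source NOT address="%s" destination address="%s" port port="443" protocol="tcp" reject' "$1" "$2"
}

# Return 0 if the rule is in both rule sets,
# 1 if it is missing from the permanent configuration,
# 2 if it is stored permanently but not loaded into the runtime.
rule_active() {
    rule=$(rich_rule "$PROXY" "$WEB")
    $FWCMD --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null || return 1
    $FWCMD --zone="$ZONE" --query-rich-rule="$rule" >/dev/null || return 2
}

# Store the rule, load it into the running firewall, then verify.
apply_rule() {
    rule=$(rich_rule "$PROXY" "$WEB")
    $FWCMD --permanent --zone="$ZONE" --add-rich-rule="$rule" >/dev/null || return 1
    $FWCMD --reload >/dev/null || return 1
    rule_active
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_rule && echo "rich rule active in zone $ZONE"
fi
```

Run the script as root with the single argument apply. firewall-cmd --reload replaces the runtime configuration with the permanent one, so any runtime-only changes are lost at that point.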