From Boldcore's wiki
Latest revision as of 07:43, 12 March 2018
Firewalld rich rule example
Allow connections to an IP address and a specific port only from one specified source IP; every other source is rejected.
firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" reject' --permanent --zone="public"
NOTE: This rule is actually used here in Boldcore for communication between the Web server and the reverse proxy, so that only the reverse proxy can reach the web server on TCP port 443. Because the rule is added with --permanent, it only takes effect in the running configuration after firewall-cmd --reload (or after repeating the command without --permanent); firewall-cmd --zone=public --list-rich-rules shows whether it is active.
Where:
Address 2a01:5f0:c001:106:59:0:2:6 is the source address (the reverse proxy)
Address 2a01:5f0:c001:106:59:0:2:30 is the destination address (the web server)
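To see exactly what the rule above does and does not cover, here is an added Python model (not from the wiki and not firewalld's own matching code) that parses the rich-rule subset used on this page and reports which connections it rejects; the source 2001:db8::1 used below is a constructed test address, and the model assumes the rule is the only one consulted.

```python
import ipaddress
import shlex

# The rule from the page, without the outer single quotes used on the command line.
PAGE_RULE = ('rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" '
             'destination address="2a01:5f0:c001:106:59:0:2:30" '
             'port port="443" protocol="tcp" reject')

ACTIONS = {"accept", "reject", "drop"}
ELEMENTS = {"source", "destination", "port"}


def parse_rich_rule(rule: str) -> dict:
    """Parse the family / source / destination / port / action subset of rich-rule syntax."""
    tokens = shlex.split(rule)          # handles the key="value" quoting
    if not tokens or tokens[0] != "rule":
        raise ValueError("rich rule must start with 'rule'")
    parsed = {"family": None, "source": {}, "destination": {}, "port": {}, "action": None}
    current = None                      # element the next key=value belongs to
    for tok in tokens[1:]:
        if tok in ELEMENTS:
            current = tok
        elif tok == "NOT":              # inverts the element it follows (source NOT address=...)
            if current is None:
                raise ValueError("NOT must follow an element")
            parsed[current]["invert"] = True
        elif tok in ACTIONS:
            parsed["action"] = tok
        elif "=" in tok:
            key, value = tok.split("=", 1)
            if key == "family":
                parsed["family"] = value
            elif current is None:
                raise ValueError(f"{key}= outside of an element")
            else:
                parsed[current][key] = value
        else:
            raise ValueError(f"unexpected token {tok!r}")
    if parsed["action"] is None:
        raise ValueError("rich rule has no action")
    return parsed


def rule_action(parsed: dict, src: str, dst: str, port: int, proto: str):
    """Return the rule's action for this connection, or None if the rule does not apply."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    want = 6 if parsed["family"] == "ipv6" else 4
    if src_ip.version != want or dst_ip.version != want:
        return None                     # an ipv6 rule never sees IPv4 traffic
    for elem, ip in (("source", src_ip), ("destination", dst_ip)):
        spec = parsed[elem]
        if "address" in spec:
            hit = ip in ipaddress.ip_network(spec["address"], strict=False)
            if hit == spec.get("invert", False):   # NOT flips the match
                return None
    p = parsed["port"]
    if p and (str(port) != p["port"] or proto != p["protocol"]):
        return None                     # other ports are untouched by this rule
    return parsed["action"]
```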