From Boldcore's wiki
Jump to: navigation, search
Line 9: Line 9:
 
NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy.
 
NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy.
 
So, only reverse proxy can access the web server.
 
So, only reverse proxy can access the web server.
 +
 +
Where:<br>
 +
Address 2a01:5f0:c001:106:59:0:2:6 is source address (reverse proxy)<br>
 +
Address 2a01:5f0:c001:106:59:0:2:30 is destination address (web server)<br>

Revision as of 04:36, 7 March 2017

Firewalld rich rule example

Allow connection to IP address and specific port only from specified source IP.

firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public"

NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy. So, only reverse proxy can access the web server.

Where:
Address 2a01:5f0:c001:106:59:0:2:6 is source address (reverse proxy)
Address 2a01:5f0:c001:106:59:0:2:30 is destination address (web server)