From Boldcore's wiki
(Created page with "= Firewalld rich rule example= Allow connection to IP address and specific port only from specified source IP. <pre> firewall-cmd --add-rich-rule='rule family="ipv6" source...") |
|||
| Line 3: | Line 3: | ||
Allow connection to IP address and specific port only from specified source IP. | Allow connection to IP address and specific port only from specified source IP. | ||
| − | <pre> | + | <pre style="white-space: pre-wrap;"> |
firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public" | firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public" | ||
</pre> | </pre> | ||
Revision as of 04:33, 7 March 2017
Firewalld rich rule example
Allow connection to IP address and specific port only from specified source IP.
firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public"
NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy. So, only reverse proxy can access the web server.