Latest revision as of 08:43, 12 March 2018

Firewalld rich rule example

Allow connection to IP address and specific port only from specified source IP.

firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" reject' --permanent --zone="public"

NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy. So, only reverse proxy can access the web server.

Where:
Address 2a01:5f0:c001:106:59:0:2:6 is source address (reverse proxy)
Address 2a01:5f0:c001:106:59:0:2:30 is destination address (web server)

@@ Line 3: / Line 3: @@
 Allow connection to IP address and specific port only from specified source IP.
-<pre>
+<pre style="white-space: pre-wrap;">
-firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination not address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" log level="info" reject' --permanent --zone="public"
+firewall-cmd --add-rich-rule='rule family="ipv6" source NOT address="2a01:5f0:c001:106:59:0:2:6" destination address="2a01:5f0:c001:106:59:0:2:30" port port="443" protocol="tcp" reject' --permanent --zone="public"
 </pre>
 NOTE: This rule is actually used here in Boldcore for communication between Web server and reverse proxy.
 So, only reverse proxy can access the web server.
+Where:<br>
+Address 2a01:5f0:c001:106:59:0:2:6 is source address (reverse proxy)<br>
+Address 2a01:5f0:c001:106:59:0:2:30 is destination address (web server)<br>

Difference between revisions of "Firewalld rich rule"

Views

Latest revision as of 08:43, 12 March 2018

Firewalld rich rule example

Navigation menu

Navigation

Search

Tools

Personal tools