On 17 Nov 2015 17:30, "Nick Bright" nick.bright@valnet.net wrote:
On 11/17/2015 11:12 AM, Nick Bright wrote:
firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
firewall-cmd --zone=monitoring --add-service=snmp
firewall-cmd --zone=monitoring --add-interface=ens192
firewall-cmd --runtime-to-permanent
I went ahead and tried this and found that the zone and service must
first be created, which requires use of:
firewall-cmd --new-zone=monitoring --permanent (--permanent is required)
firewall-cmd --new-service=snmp
edit /etc/firewalld/services/snmp.xml:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>snmp</short>
  <description>Simple Network Management Protocol</description>
  <port port="161" protocol="udp" />
</service>
firewall-cmd --reload
However, at the end, firewall-cmd --zone=monitoring --add-interface=ens192
results in a zone conflict. I'm not sure if it's even possible to
have two zones on the interface.
A zone applies to a source network or interface.
Have a flick through: https://www.hogarthuk.com/?q=node/9
Surprised SNMP isn't already defined as a service in /usr/lib/firewalld/services .... Perhaps snmpd ? Don't have a system to hand to check.
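As an added example (not code from the thread), the same steps as a script that binds the monitoring zone by source address only and never touches the interface, which is what causes the conflict above. The DRY_RUN variable and the optional services-directory argument are my own conventions so the sequence can be checked without a firewalld host.

```shell
#!/bin/sh
# Added example: create a 'monitoring' zone that allows SNMP from one source only.
# Assumes firewall-cmd is on PATH and the service file lives in
# /etc/firewalld/services/snmp.xml (as in the thread). DRY_RUN=1 prints the
# firewall-cmd invocations instead of executing them.
set -eu

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# True if the permanent config already has the named zone/service ($1: zones|services).
have_permanent() {
    firewall-cmd --permanent "--get-$1" 2>/dev/null | grep -qw "$2"
}

# Write the service definition from the thread: SNMP agent port, UDP only.
write_snmp_service_xml() {
    dir="${1:-/etc/firewalld/services}"
    mkdir -p "$dir"
    cat > "$dir/snmp.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>snmp</short>
  <description>Simple Network Management Protocol</description>
  <port port="161" protocol="udp"/>
</service>
EOF
    printf '%s\n' "$dir/snmp.xml"
}

# $1: monitoring host in CIDR form; $2 (optional): services directory.
apply_monitoring_zone() {
    src="$1"
    svcdir="${2:-/etc/firewalld/services}"
    # Zones and services are permanent-config objects, so both creations need --permanent.
    have_permanent zones monitoring || run firewall-cmd --permanent --new-zone=monitoring
    have_permanent services snmp || run firewall-cmd --permanent --new-service=snmp
    write_snmp_service_xml "$svcdir" >/dev/null
    # Reload so the runtime config learns about the new zone and service.
    run firewall-cmd --reload
    # Source binding: packets from $src are classified into 'monitoring'; the
    # interface keeps its current zone, so no --add-interface is needed.
    run firewall-cmd --zone=monitoring --add-source="$src"
    run firewall-cmd --zone=monitoring --add-service=snmp
    run firewall-cmd --runtime-to-permanent
}
```

Only the source address ends up in the monitoring zone; every other host on ens192 is still handled by the interface's existing zone.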