[CentOS] firewalld: whitelisting/blacklisting addresses allowed to connect to a service/port with ipset
Kenneth Porter
shiva at sewingwitch.comThu Jul 6 05:11:13 UTC 2017
- Previous message: [CentOS] Sound stopped working from internal speaker in CentOS 7.2 (intel-hda) and is still broken.
- Next message: [CentOS] Virtual IP
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm trying to figure out how to use firewalld on CentOS 7 to block access to ssh (on a custom port to control log bloat) and smtp submission except for specific source addresses, using ipset. I haven't been able to figure out how to combine a port number or service name with an ipset, either as a blacklist of nets or a whitelist of addresses. It looks like ipset with type of "hash:net,port" might work but the current version of firewalld on C7 doesn't support that type. I fear I'm going to have to write a direct rule. Has anyone combined ipset with a port to achieve this? I tried a rich rule but I can't specify both an ipset and a port as the source value. --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
- Previous message: [CentOS] Sound stopped working from internal speaker in CentOS 7.2 (intel-hda) and is still broken.
- Next message: [CentOS] Virtual IP
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list