Create subzones in firewallD


Is there a way to create a separate zone?

Yes, you can create new zones:

https://fedoraproject.org/wiki/FirewallD#How_to_configure_or_add_zones.3F

How to configure or add zones?

To configure or add zones you can either use one of the firewalld interfaces to handle and change the configuration. These are the graphical configuration tool firewall-config, the command line tool firewall-cmd or the D-BUS interface. Or you can create or copy a zone file in one of the configuration directories. @PREFIX@/lib/firewalld/zones is used for default and fallback configurations and /etc/firewalld/zones is used for user created and customized configuration files.

From http://www.certdepot.net/rhel7-get-started-firewalld/

# firewall-cmd --permanent --new-zone=test
success
# firewall-cmd --reload
success
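A file-based equivalent of the answer's firewall-cmd steps, added here as an example that is not from the answer or from the firewalld project: a POSIX shell function that writes a zone file in the /etc/firewalld/zones format the quoted wiki text mentions, for an assumed "management" zone that allows the ssh service only from the admin host in the question. ZONE_DIR is an assumed override so the function can be exercised in a scratch directory; the zone name, source and service are example values.

```shell
#!/bin/sh
# Added example: write a firewalld zone file by hand, the file-based
# alternative to these permanent firewall-cmd changes (example values):
#   firewall-cmd --permanent --new-zone=management
#   firewall-cmd --permanent --zone=management --add-source=172.16.1.1/32
#   firewall-cmd --permanent --zone=management --add-service=ssh
#   firewall-cmd --reload
# A <source> binds traffic from that address to the zone, so only the
# listed hosts get the zone's services; everything else keeps its
# interface's zone. ZONE_DIR (assumed name) overrides the target directory.

write_zone() {
  # $1 = zone name, $2 = description,
  # $3 = space-separated source addresses, $4 = space-separated services
  dir="${ZONE_DIR:-/etc/firewalld/zones}"
  file="$dir/$1.xml"
  mkdir -p "$dir"
  {
    printf '<?xml version="1.0" encoding="utf-8"?>\n<zone>\n'
    printf '  <short>%s</short>\n' "$1"
    printf '  <description>%s</description>\n' "$2"
    for src in $3; do printf '  <source address="%s"/>\n' "$src"; done
    for svc in $4; do printf '  <service name="%s"/>\n' "$svc"; done
    printf '</zone>\n'
  } > "$file"
  echo "$file"
}

zone_has() {
  # $1 = zone file, $2 = literal fragment; exit 0 if the file contains it
  grep -qF -- "$2" "$1"
}
```

After writing a zone file under /etc/firewalld/zones, run `firewall-cmd --reload` so firewalld picks it up, and add further admin hosts later with another `<source>` line or `--add-source`.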


Mathias Vetsch

Updated on September 18, 2022

Comments

  • Mathias Vetsch over 1 year

    In firewalld, I can assign a zone to a network interface. A zone contains some firewall rules.

    Now I have a network interface with different levels of trust (172.16.1.1/32 should have special access in the 172.16.1.0/24 network). For example SSH access for an admin host.

    The only way I found to realize that is to use a rich rule. But I am not happy with this approach, because it's basically an iptables rule without the possibility to give a description. Is there a way to create a separate zone or subzone for the admin host?

    The advantage would be that the configuration is more readable. I could create a ManagementZone with special permissions. And when another Admin-PC comes to life, I can simply add its address to this zone.

    • Michael Hampton over 8 years
      You could just add these IP addresses to the trusted zone, or a new zone.
    • Mathias Vetsch over 8 years
      Thanks! I did not understand that I can add IP ranges to zones: firewall-cmd --permanent --zone=trusted --add-source=192.168.2.0/24