Using firewall-cmd to create address-specific restrictions in CentOS 7

I searched for the answer but I found many questions related to my own without answers.

After much study, I came up with a workaround. Here is what I did.

I added the interface to the public zone, then:

sudo firewall-cmd --permanent --zone=public --add-service=http 
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="x.x.x.x/x" service name="ssh" log prefix="ssh" level="info" accept' 
sudo firewall-cmd --reload

Note: The source address could be a range. Just specify the network mask.

Since ssh wasn't added for the public zone, it will be blocked by default. The rich rule will enable it for only that source IP.

If you have a better solution, please add it.


Author: pjanecze

Updated on September 18, 2022
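
A check for the configuration in the answer above, added here as an example and not part of the original post: a stock CentOS 7 public zone lists ssh as a zone-wide service, and while it stays listed the rich rule restricts nothing. The function classifies the output of firewall-cmd --zone=public --list-all; the function names, the sample outputs and the 192.0.2.0/24 source are constructed for illustration.

```bash
#!/usr/bin/env bash
# Classify SSH exposure from `firewall-cmd --zone=public --list-all` output on stdin.
# Prints one of: open | restricted | closed
ssh_exposure() {
    awk '
        # "ssh" in the zone-wide service list admits every source address.
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh") wide = 1 }
        # A zone-wide 22/tcp port entry has the same effect.
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == "22/tcp") wide = 1 }
        # Rich rule accepting ssh: source-limited only if it names a source address.
        /^[ \t]*rule / && /service name="ssh"/ && / accept[ \t]*$/ {
            if (/ source address="/) { limited = 1 } else { wide = 1 }
        }
        END { print (wide ? "open" : (limited ? "restricted" : "closed")) }
    '
}

# Constructed sample: the rich rule was added but ssh is still a zone-wide service.
sample_still_open() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http https ssh
  ports:
  rich rules:
    rule family="ipv4" source address="192.0.2.0/24" service name="ssh" log prefix="ssh" level="info" accept
EOF
}

# Constructed sample: ssh is not in the service list, only the rich rule admits it.
sample_restricted() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http https
  ports:
  rich rules:
    rule family="ipv4" source address="192.0.2.0/24" service name="ssh" log prefix="ssh" level="info" accept
EOF
}

echo "sample_still_open: $(sample_still_open | ssh_exposure)"
echo "sample_restricted: $(sample_restricted | ssh_exposure)"
# On a live host: sudo firewall-cmd --zone=public --list-all | ssh_exposure
```

If the result is open, sudo firewall-cmd --permanent --zone=public --remove-service=ssh followed by a reload leaves the rich rule as the only path to ssh. Run it from a session whose source address the rich rule already covers.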

Comments

  • pjanecze
    pjanecze almost 2 years

    I am learning solidity and want to create a contract that will lock token for Uniswap LP. What I've created is:

    • List item
    • on token creation I am creating uniswap pair with that token
    • I am creating a Timelock for token amount assigned to creator address
    • now on release() method I would like to automatically add liquidity with eth value that has been sent and token that was locked

    Problem here is that to add LP to uniswap token needs to be approved and from what I see the only way to approve token is to first send this token to creator address.

    Is it possible to make it automatic so that we don't need to trust contract creator to add LP after it has been released to him?

  • Alejo JM
    Alejo JM over 9 years
    Nice job, from your answer I got this one working with an IP address:
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="X.X.X.X" port port="81" protocol="tcp" accept'
    firewall-cmd --reload
  • MadHatter
    MadHatter over 8 years
    Thanks to @oranix for pointing out the missing =.
  • pjanecze
    pjanecze over 3 years
    Thanks for the answer. Basically, I've found that approve is not a problem because the contract creator can do it himself before doing release() on the time lock contract. What I would like to do is to automatically send token and eth to the LP pair when calling release(). Do you think it is possible?
  • Mikko Ohtamaa
    Mikko Ohtamaa over 3 years
    I do not see why it is not possible. You can program any kind of smart contracts you want, only imagination is your limit.