Firewalld rich rule
wordpress meta
title: 'Firewalld Rich Rule'
date: '2015-06-13T11:51:27-05:00'
status: publish
permalink: /firewalld-rich-rule
author: admin
excerpt: ''
type: post
id: 880
category:
- Firewall
- FirewallD
tag: []
post_format: []
To add a so-called rich rule to firewalld, I did the following.
Check the existing rules after a recent upgrade to Fedora 22. 55555/tcp was a custom app, not a Fedora default.
# firewall-cmd --get-default-zone
FedoraServer
# firewall-cmd --zone=FedoraServer --list-all
FedoraServer (default)
interfaces:
sources:
services: cockpit dhcpv6-client http smtp ssh
ports: 55555/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Let's remove some rules.
# firewall-cmd --permanent --zone=FedoraServer --remove-port=55555/tcp
success
# firewall-cmd --permanent --zone=FedoraServer --remove-service=cockpit
success
# firewall-cmd --permanent --zone=FedoraServer --remove-service=dhcpv6-client
success
Add the custom rule (non-permanent).
** Note: x.x.x.x is a placeholder for a real public IP. Most likely you won't need a public IP but a non-routable class C or class B address on your internal network.
# firewall-cmd --zone=FedoraServer --add-rich-rule="rule family="ipv4" source address="x.x.x.x/32" port protocol="tcp" port="55555" accept"
success
Or, if you need it permanently added, remember to use --permanent. Keep in mind that restarting firewalld reloads only the permanent configuration, so a rule added without --permanent does not survive the restart.
Restart the firewall.
# systemctl restart firewalld.service
# firewall-cmd --zone=FedoraServer --list-all
FedoraServer (default)
interfaces:
sources:
services: http smtp ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="x.x.x.x/32" port port="55555" protocol="tcp" accept
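Building and checking the same kind of rule, as an added shell example that is not part of the original post: it refuses the x.x.x.x placeholder and out-of-range values, hands the rule to firewall-cmd inside single quotes rather than the nested double quotes used above, and checks a constructed --list-all listing for it. The address 192.168.1.10/32 and the sample listing are assumed values; the zone name FedoraServer is the one from the post.

```shell
# Added example, not code from the original post: build a rich rule like the one
# above from validated inputs and check a `--list-all` listing for it.

# valid_ipv4_cidr ADDR[/PREFIX]: succeed only for a dotted quad with prefix 0-32
valid_ipv4_cidr() {
    addr=${1%/*}; prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/" given: single host
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_rich_rule FAMILY SOURCE PORT PROTOCOL ACTION: print the rule in the form
# firewalld echoes back from --list-all (port before protocol) for literal comparison
build_rich_rule() {
    family=$1; src=$2; port=$3; proto=$4; action=$5
    [ "$family" = ipv4 ] || { echo "unsupported family: $family" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$action" in accept|reject|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4_cidr "$src" || { echo "bad source: $src" >&2; return 1; }   # rejects x.x.x.x
    printf 'rule family="%s" source address="%s" port port="%s" protocol="%s" %s\n' \
        "$family" "$src" "$port" "$proto" "$action"
}

# add_rule_cmd ZONE RULE [permanent]: the firewall-cmd line to run, with the rule in
# single quotes so its inner double quotes reach firewall-cmd intact
add_rule_cmd() {
    perm=''; [ "${3:-}" = permanent ] && perm='--permanent '
    printf "firewall-cmd %s--zone=%s --add-rich-rule='%s'\n" "$perm" "$1" "$2"
}

# rule_present LISTING RULE: succeed if RULE is one of the indented lines of LISTING
rule_present() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//' | grep -Fxq -- "$2"
}

# Constructed listing in the shape of `firewall-cmd --zone=FedoraServer --list-all`
SAMPLE_LISTING='FedoraServer (default)
  services: http smtp ssh
  ports:
  rich rules:
        rule family="ipv4" source address="192.168.1.10/32" port port="55555" protocol="tcp" accept'
```

Run `add_rule_cmd FedoraServer "$(build_rich_rule ipv4 192.168.1.10/32 55555 tcp accept)" permanent` to print the command line; compare `firewall-cmd --list-all` against `firewall-cmd --permanent --list-all` with rule_present to spot a rule that exists only at runtime.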