07 Using Zones to Manage Incoming Traffic Depending on Source IP or IP Mask or Network | #linuxtopic

How to allow a source IP or source network in the firewall


We can use zones to manage incoming traffic based on its source. When you add a source to a zone, the zone becomes active and any incoming traffic from that source is directed through it.

If we want to route incoming traffic into a specific zone, we add the source to that zone. The source can be an IP address or a network/IP mask in Classless Inter-Domain Routing (CIDR) notation.

List all available zones:
firewall-cmd --get-zones

List allowed sources in the current zone:
firewall-cmd --list-sources

List allowed sources for the required zone:
firewall-cmd --zone=linuxtopic --list-sources

To add a source IP to the current zone:
firewall-cmd --add-source=192.168.100.100/32

To add a source IP mask or network to the current zone:
firewall-cmd --add-source=192.168.100.0/24

To remove a source IP, IP mask or network from the current zone:
firewall-cmd --remove-source=192.168.100.0/24
firewall-cmd --remove-source=192.168.100.100/32

To set the source IP address or IP mask / Network for a specific zone:
firewall-cmd --zone=linuxtopic --add-source=192.168.200.1/32
firewall-cmd --zone=linuxtopic --add-source=192.168.200.0/24

To make the new settings persistent:
firewall-cmd --runtime-to-permanent

We made all settings permanent. To verify, we restarted the service and checked: all added sources were enabled on the linuxtopic zone.

To remove the source IP address or IP mask / Network for a specific zone:
firewall-cmd --zone=linuxtopic --remove-source=192.168.200.1/32
firewall-cmd --zone=linuxtopic --remove-source=192.168.200.0/24

To remove them permanently:
firewall-cmd --zone=linuxtopic --remove-source=192.168.200.1/32 --permanent
firewall-cmd --zone=linuxtopic --remove-source=192.168.200.0/24 --permanent
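
The commands above change either the runtime or the permanent configuration, so the two can drift apart: a source added without --runtime-to-permanent is lost on reload, and a source removed only with --permanent stays live until reload. The script below is an added example, not part of the original post, that lists sources present in only one of the two; the function names are made up for illustration and the sample lists used when no zone is given are constructed.

```shell
#!/bin/sh
# Added example: compare runtime and permanent sources of a firewalld zone.
# Function names are hypothetical; only firewall-cmd options are real.

# only_in A B: print each entry of space-separated list A that is not in list B.
only_in() {
    for src in $1; do
        case " $2 " in
            *" $src "*) ;;                    # present in both lists
            *) printf '%s\n' "$src" ;;        # missing from B
        esac
    done
}

# source_drift RUNTIME PERMANENT: one line per mismatch, nothing when in sync.
source_drift() {
    only_in "$1" "$2" | sed 's/^/runtime-only /'      # lost on reload/restart
    only_in "$2" "$1" | sed 's/^/permanent-only /'    # returns on reload/restart
}

# audit_zone ZONE: query firewalld for both views; returns 1 if they differ.
audit_zone() {
    runtime=$(firewall-cmd --zone="$1" --list-sources)
    permanent=$(firewall-cmd --permanent --zone="$1" --list-sources)
    drift=$(source_drift "$runtime" "$permanent")
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

if [ "$#" -gt 0 ]; then
    audit_zone "$1"                 # e.g. sh audit.sh linuxtopic (run as root)
else
    # Constructed sample: first list is runtime, second is permanent.
    source_drift "192.168.200.1/32 192.168.200.0/24" \
                 "192.168.200.0/24 192.168.100.0/24"
fi
```

A runtime-only line means the source still needs firewall-cmd --runtime-to-permanent; a permanent-only line means the source was removed from the running firewall only and will come back after a reload.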

Thanks


