  1. #1

    FirewallD block all IP beside a subnet


    Hello,
    I'm having issues blocking ssh 5001 to all IPs besides the 10.121.18.0 network. Below is my config. I can still reach the 10.121.18.0 from different networks with this config.
    I used --permanent and rebooted the whole machine.

    firewall-cmd --zone= --list-all
    internal (default, active)
    interfaces: enp9s0 eth0
    sources: 10.121.18.0/24
    services: dhcpv6-client dns http https ipp-client mdns samba-client ssh
    ports: 5001/tcp 22/tcp
    masquerade: no
    forward-ports:
    icmp-blocks:
    rich rules:

  2. #2
    Steven_G
    If I understand correctly you only want to be able to log in to SSH from one IP address?

    Here is an article on how to achieve that in two different ways in .deb; but shouldn't be too awfully different for .rpm. (I might be wrong on the allow/deny on .rpm, haven't played with that branch much.)

    One uses the FW and one uses deny/allow. I used deny/allow on my set up. IMHO I think it's a little easier to work with than the FW rules b/c I change my NT config from time to time as I build, learn, play, harden and experiment and if I foul something up I can just manually boot that terminal and fix the problem in allow/deny.

  3. #3
    I just want the 10.121.18.0/24 subnet to ssh to that end device. But right now a 192.168.44./25 subnet can ssh to it even though I cited a source IP subnet and the port numbers I need to work on it now.
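
Added example, not part of the thread: firewalld applies a zone to traffic that matches either its source list or its bound interfaces, so the listing in post #1 admits any address arriving on enp9s0 or eth0. The shell check below flags that combination and prints, without running them, commands to rebind the interfaces; the `drop` target zone and the function names are assumptions.

```shell
# Zone listing copied from post #1.
POSTED='internal (default, active)
interfaces: enp9s0 eth0
sources: 10.121.18.0/24
services: dhcpv6-client dns http https ipp-client mdns samba-client ssh
ports: 5001/tcp 22/tcp'

# Constructed listing: the same zone with its interface bindings removed.
SOURCE_ONLY='internal (active)
interfaces:
sources: 10.121.18.0/24
ports: 5001/tcp 22/tcp'

# field KEY: print the value of "KEY: value" from a listing on stdin.
# Matched at line start so "ports" does not pick up "forward-ports".
field() {
    awk -v key="$1:" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        index($0, key) == 1 { print substr($0, length(key) + 2); exit }'
}

# check_zone LISTING: a zone with both interfaces and sources bound accepts
# traffic matching either one, so the source list restricts nothing.
check_zone() {
    ifaces=$(printf '%s\n' "$1" | field interfaces)
    sources=$(printf '%s\n' "$1" | field sources)
    ports=$(printf '%s\n' "$1" | field ports)
    if [ -n "$ifaces" ] && [ -n "$sources" ]; then
        echo "EXPOSED: [$ports] open to any address arriving on [$ifaces]"
    else
        echo "OK: zone does not mix interface and source bindings"
    fi
}

# fix_commands ZONE IFACE...: print (do not run) the commands that rebind the
# interfaces to ZONE, leaving the trusted zone with its source binding only.
# The "drop" zone used below is an assumed choice of restrictive zone.
fix_commands() {
    target=$1; shift
    for i in "$@"; do
        echo "firewall-cmd --permanent --zone=$target --change-interface=$i"
    done
    echo "firewall-cmd --reload"
}

check_zone "$POSTED"
check_zone "$SOURCE_ONLY"
fix_commands drop enp9s0 eth0
```

Once the interfaces are bound to another zone, `internal` is selected only for packets whose source is in 10.121.18.0/24, and everything else arriving on those interfaces is handled by the zone they were moved to.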
