CentOS

Code: Select all

[root@fw ~]# firewall-cmd --get-active
work
  interfaces: eth1
  sources: 192.168.122.0/24
public
  interfaces: eth0

Code: Select all

[root@fw ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="192.168.100.0/24" destination address="192.168.122.4/32" service name="ssh" log prefix="SSH " level="debug" accept

Code: Select all

[root@fw ~]# firewall-cmd --list-all --zone=work
work (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth1
  sources: 192.168.122.0/24
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 

Code: Select all

[root@fw ~]# tcpdump -ni eth0 host 192.168.100.35
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:03:20.477707 IP 192.168.100.35.46784 > 192.168.122.4.ssh: Flags [S], seq 11064683, win 64240, options [mss 1460,sackOK,TS val 1323358844 ecr 0,nop,wscale 7], length 0
10:03:20.477833 IP 192.168.100.2 > 192.168.100.35: ICMP host 192.168.122.4 unreachable - admin prohibited, length 68

Code: Select all

Apr 28 10:03:20 fw kernel: FINAL_REJECT: IN=eth0 OUT=eth1 MAC=52:54:00:--:--:--:52:54:00:--:--:--:08:00 SRC=192.168.100.35 DST=192.168.122.4 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=44198 DF PROTO=TCP SPT=46802 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0