Hello guys,
I want to restrict all IPs from accessing my website.
I tried with rich rules, but if I use them the site isn't available anymore.
These are the rules that I used (I have modified the IPs):
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="125.11.125.0/24" port protocol="tcp" port="80" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="162.61.137.112/24" port protocol="tcp" port="80" accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='0.0.0.0/0' port port=80 protocol=tcp reject"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="125.11.125.0/24" port protocol="tcp" port="443" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="162.61.137.112/24" port protocol="tcp" port="443" accept"
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='0.0.0.0/0' port port=443 protocol=tcp reject"
Where is the problem? Can someone help me?
Sorry for my bad English. Not a native speaker.
Regards
Firewalld restrict all access ip and only 2 white list
Re: Firewalld restrict all access ip and only 2 white list
The firewalld philosophy is to use zones for that.
Now the two subnets can connect to ports 80 and 443 (and only to those two ports).
Traffic from all other subnets belongs to the default zone (usually the 'public'), which does not allow 80&443.
Code:
firewall-cmd --permanent --new-zone=friends
firewall-cmd --permanent --zone=friends --set-target=REJECT
firewall-cmd --permanent --zone=friends --set-description="friends can apache"
firewall-cmd --permanent --zone=friends --add-service=http
firewall-cmd --permanent --zone=friends --add-service=https
firewall-cmd --permanent --zone=friends --add-source=125.11.125.0/24
firewall-cmd --permanent --zone=friends --add-source=162.61.137.0/24
firewall-cmd --reload
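A check for the zone setup in the reply above, as an added example that is not part of the original thread: it confirms that the allow-list zone carries http/https and both source subnets, and that the default zone does not open the web ports to everyone else. The function name `audit_web_lockdown` and the variables `FWCMD`, `ALLOW_ZONE` and `ALLOW_SOURCES` are assumptions of this example; the `firewall-cmd` query options it calls are the tool's own.

```shell
#!/bin/sh
# Added example: audit the runtime firewalld state after the zone setup above.
# FWCMD is an assumption of this example so the command can be swapped out;
# it defaults to the real firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"
ALLOW_ZONE="${ALLOW_ZONE:-friends}"
ALLOW_SOURCES="${ALLOW_SOURCES:-125.11.125.0/24 162.61.137.0/24}"

# Prints one line per finding; returns 0 only when nothing is wrong.
audit_web_lockdown() {
    problems=0
    default_zone=$($FWCMD --get-default-zone) || return 2

    # The allow-list zone must carry both services and every source subnet.
    for svc in http https; do
        if ! $FWCMD --zone="$ALLOW_ZONE" --query-service="$svc" >/dev/null; then
            echo "MISSING: service $svc in zone $ALLOW_ZONE"
            problems=$((problems + 1))
        fi
    done
    for src in $ALLOW_SOURCES; do
        if ! $FWCMD --zone="$ALLOW_ZONE" --query-source="$src" >/dev/null; then
            echo "MISSING: source $src in zone $ALLOW_ZONE"
            problems=$((problems + 1))
        fi
    done

    # Everyone else lands in the default zone, so it must not open the web ports.
    for svc in http https; do
        if $FWCMD --zone="$default_zone" --query-service="$svc" >/dev/null; then
            echo "OPEN: service $svc still allowed in default zone $default_zone"
            problems=$((problems + 1))
        fi
    done
    for port in 80/tcp 443/tcp; do
        if $FWCMD --zone="$default_zone" --query-port="$port" >/dev/null; then
            echo "OPEN: port $port still allowed in default zone $default_zone"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Source the file and call `audit_web_lockdown` on the firewalld host after `firewall-cmd --reload`; any `OPEN:` line means the default zone still exposes the site to addresses outside the two subnets.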