I needed Samba share access to my CentOS 7 machine and I used:
firewall-cmd --add-service=samba --permanent
and this worked fine. But I'd like to restrict Samba access to one IP address on my LAN. I've been searching Google but can't find a way to singularly do this for a service. I see it can be done for a port but not for a service. I don't want any other services restricted like this in the firewall, just Samba. Can this be done?
restrict firewall service to ip address
Re: restrict firewall service to ip address
The firewalld philosophy is somewhat the inverse of what we expect.
You have two "zones".
From zone "A" you want to allow "other services".
From zone "B" you want to allow "other services" and samba.
That one IP address is in zone B. (B has that IP as "source".)
The interface has zone A. Everything except that one IP is in zone A (because source zones have precedence).
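The two-zone layout described in the reply above, written out as firewall-cmd steps. This is an added example, not part of the original thread; the zone names "public" (zone A) and "smbclient" (zone B), the client address 192.168.1.50 and the service list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print the firewall-cmd steps for the two-zone layout.
# Assumed names (not from the thread): zone A = "public", zone B = "smbclient",
# client 192.168.1.50 and the service list are constructed sample values.

valid_ipv4() {
    # Dotted quad with optional /prefix; anything else is rejected so a typo
    # never reaches --add-source.
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

plan_samba_zone() {
    # $1 client IP, $2 interface zone (A), $3 source zone (B),
    # $4 space-separated services currently allowed in zone A.
    ip=$1; zone_a=$2; zone_b=$3; services=$4
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    echo "firewall-cmd --permanent --new-zone=$zone_b"
    # Zone B is selected by source address, not by interface.
    echo "firewall-cmd --permanent --zone=$zone_b --add-source=$ip"
    # Zone B carries the "other services" as well, then samba exactly once.
    for svc in $services; do
        [ "$svc" = samba ] || echo "firewall-cmd --permanent --zone=$zone_b --add-service=$svc"
    done
    echo "firewall-cmd --permanent --zone=$zone_b --add-service=samba"
    # Zone A (everyone else) loses samba.
    echo "firewall-cmd --permanent --zone=$zone_a --remove-service=samba"
    echo "firewall-cmd --reload"
}

# Print the plan for the sample values. On the real host, feed zone A's list
# from: firewall-cmd --permanent --zone=public --list-services
# and check the result afterwards with: firewall-cmd --get-active-zones
plan_samba_zone 192.168.1.50 public smbclient "ssh dhcpv6-client samba"
```

The script only prints the commands so they can be reviewed before being run as root on the firewalld host.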