restrict firewall service to ip address

neuronetv
Posts: 89
Joined: 2012/01/08 21:53:07


Post by neuronetv » 2021/06/28 16:48:06

I needed Samba share access to my CentOS 7 machine and I used:
firewall-cmd --add-service=samba --permanent
and this worked fine, but I'd like to restrict Samba access to one IP address on my LAN. I've been searching Google but can't find a way to singularly do this for a service. I see it can be done for a port but not for a service. I don't want any other services restricted like this in the firewall, just Samba. Can this be done?

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: restrict firewall service to ip address

Post by jlehtone » 2021/06/28 18:12:07

The firewalld philosophy is somewhat the inverse of what we expect.

You have two "zones".
From zone "A" you want to allow "other services".
From zone "B" you want to allow "other services" and samba.

That one IP address is in zone B. (B has that IP as "source".)
The interface has zone A. Everything except that one IP is in zone A (because source zones have precedence).
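
The two-zone layout described in the reply above, written out as firewall-cmd calls. This is an added example, not part of the thread: the function prints the commands for review instead of running them, and the zone names ("public" for zone A, "smbclient" for zone B), the client address and the service list are constructed assumptions.

```shell
#!/bin/sh
# Added example: prints the firewall-cmd calls for the two-zone layout.
# Zone A = the interface's zone; zone B = a new zone bound to one source IP.

valid_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    ip=$1
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

samba_zone_plan() {
    # $1 = client IP, $2 = zone A, $3 = zone B,
    # remaining args = services zone A allows today (may include samba).
    ip=$1 zone_a=$2 zone_b=$3
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    shift 3
    echo "firewall-cmd --permanent --new-zone=$zone_b"
    # The source binding is what places this one host in zone B.
    echo "firewall-cmd --permanent --zone=$zone_b --add-source=$ip/32"
    # Zone B carries the "other services" as well, as the reply describes.
    for svc in "$@"; do
        [ "$svc" = samba ] && continue
        echo "firewall-cmd --permanent --zone=$zone_b --add-service=$svc"
    done
    echo "firewall-cmd --permanent --zone=$zone_b --add-service=samba"
    # Without this, zone A keeps offering samba to every other host.
    echo "firewall-cmd --permanent --zone=$zone_a --remove-service=samba"
    echo "firewall-cmd --reload"
}

# Constructed values: client 192.168.1.50; zone A currently allows
# ssh, dhcpv6-client and samba.
samba_zone_plan 192.168.1.50 public smbclient ssh dhcpv6-client samba
```

After reviewing and running the printed commands as root, `firewall-cmd --get-active-zones` should list the new zone with the client address as its source.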
