Differences

This shows you the differences between two versions of the page.

--- firewalld-zones-centos7 [2015/03/05 08:22] – herwarth
+++ firewalld-zones-centos7 [2017/04/27 11:54] (current) – herwarth
@@ Line 1: / Line 1: @@
-{{tag>centos}}
 ======Using firewalld to create zones with subnets on CentOS 7======
 =====Configuration=====
-===Remove all default rules===
+====Remove all default rules====
   firewall-cmd --permanent --zone=home --remove-service=dhcpv6-client
   firewall-cmd --permanent --zone=home --remove-service=ipp-client
@@ Line 36: / Line 35: @@
   firewall-cmd --permanent --zone=public --add-source=::/0
-  firewall-cmd --permanent --zone=dmz --add-source=5.200.9.240/28
+  firewall-cmd --permanent --zone=dmz --add-source=185.106.153.224/29
-  firewall-cmd --permanent --zone=dmz --add-source=2a00:1630:59::/64
-  firewall-cmd --permanent --zone=dmz --add-source=46.44.183.176/28
   firewall-cmd --permanent --zone=dmz --add-source=2a02:22a0:bbb7:400::/64
-  firewall-cmd --permanent --zone=dmz --add-source=94.142.242.32/28
+  firewall-cmd --permanent --zone=dmz --add-source=192.168.10.0/24
-  firewall-cmd --permanent --zone=dmz --add-source=2a02:898:126::/64
+  firewall-cmd --permanent --zone=dmz --add-source=2a02:22a0:bbb7:401::/64
   firewall-cmd --permanent --zone=local --add-source=172.16.3.0/24
   firewall-cmd --permanent --zone=local --add-source=2a02:22a0:bbb7:403::/64
-  firewall-cmd --permanent --zone=local --add-source=172.16.5.0/24
-  firewall-cmd --permanent --zone=local --add-source=2a00:1630:59:5::/64
-  firewall-cmd --permanent --zone=local --add-source=172.16.7.0/24
-  firewall-cmd --permanent --zone=local --add-source=2a02:898:126:7::/64
   firewall-cmd --permanent --zone=management --add-source=172.16.2.0/24
   firewall-cmd --permanent --zone=management --add-source=2a02:22a0:bbb7:402::/64
-  firewall-cmd --permanent --zone=management --add-source=172.16.4.0/24
-  firewall-cmd --permanent --zone=management --add-source=2a00:1630:59:4::/64
-  firewall-cmd --permanent --zone=management --add-source=172.16.6.0/24
-  firewall-cmd --permanent --zone=management --add-source=2a02:898:126:6::/64
 ====Create additional services====
-<code>
+<code - /etc/firewalld/services/check-mk-agent.xml>
-cat << EOF > /etc/firewalld/services/check-mk-agent.xml
 <?xml version="1.0" encoding="utf-8"?>
 <service>
@@ Line 65: / Line 55: @@
   <port protocol="tcp" port="6556"/>
 </service>
-EOF
 </code>
@@ Line 76: / Line 65: @@
   firewall-cmd --permanent --zone=management --add-rich-rule="rule family="ipv6" \
   source address="2a00:1630:59:4::14" service name="check-mk-agent" accept"
-  firewall-cmd --permanent --zone=management --add-service=check-mk-agent
 ====Set default zone====
-  firewall-cmd --set-default-zone=dmz
+  firewall-cmd --set-default-zone=public
+=====Examples=====
+====Web server====
+A web-server allowing connections on service http and https matching zones dmz and local. Remember sources in a zone other than dmz and local cannot connect to the http and https service.
-====Example: a web-server allowing connections on service http and https matching zones dmz and local===
   firewall-cmd --permanent --zone=local --add-service=http
   firewall-cmd --permanent --zone=local --add-service=https
@@ Line 88: / Line 79: @@
   firewall-cmd --permanent --zone=dmz --add-service=https
+{{tag>centos}}

User Tools

Site Tools

Differences

Page Tools