Firewalld reject IPs on CentOS 7/8

Use rich-rule

$ firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.0.10.0/24' reject"

or add port
$ firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.0.10.0/24' port port='110' protocol='tcp' reject"

$firewall-cmd --reload

@reject dovecot postfix from external IP and accept internal IP
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="25" protocol="tcp" reject'

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="110" protocol="tcp" reject'

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="143" protocol="tcp" reject'

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address='192.168.0.0/16' accept'

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address='127.0.0.1' accept'

get all rules
$firewall-cmd --list-all
$firewall-cmd --permanent --direct --get-all-rules

We can also modify  firewalld xml files in /etc/firewalld as direct.xml and  /etc/firewalld/public/ (default zone)





References
https://fedoraproject.org/wiki/Features/FirewalldRichLanguage
https://access.redhat.com/discussions/1342573

位置: Taiwan

這個網誌中的熱門文章

Upgrade php and httpd(apache) on CentOS 7

圖片
1. for latest php from https://rpms.remirepo.net/ $ wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm $ sudo  rpm -ivh remi-release-7.rpm $ sudo yum -y --enablerepo='remi-php74' --enablerepo='remi'  install php-7.4.29       2. for latest httpd from https://repo.codeit.guru/ $ wget https://repo.codeit.guru/codeit-repo-release.el7.rpm $ sudo rpm -ivh codeit-repo-release.el7.rpm $ sudo yum -y install httpd-2.4.53 3. If error message occurred on httpd-2.4.53 + php 5.4.X (Invalid command php...) modify /etc/httpd/conf.modules.d/00-mpm.conf disable mpm_event with #(sharp) and enable mpm_prefork with unsharp references https://rpms.remirepo.net/ https://repo.codeit.guru/ https://repo.codeit.guru/packages/centos/7/x86_64/  https://repo.ius.io/ https://tw.arip-photo.org/320126-error-start-apache-php-value-MDGNGZ https://www.datadoghq.com/blog/monitoring-apache-web-server-performance/#prefork-mpm #Cyber Security    
閱讀完整內容

Installing VMware workstation pro on Ubuntu 22.X (Jammy Jellyfish)

圖片
 1. Download workstation pro for vmware website https://www.vmware.com/tw/products/workstation-pro/workstation-pro-evaluation.html e.g.  VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle 2. Download modules patch from github https://github.com/mkubecek/vmware-host-modules/releases/tag/w16.2.3-k5.18 tarball https://github.com/mkubecek/vmware-host-modules/archive/refs/tags/w16.2.3-k5.18.tar.gz 3. Execute by sudo $ chmod 755 VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle $ sudo apt-get -y install build-essential $ sudo VMware-Workstation-Full-16.2.3-19376536.x86_64.bundle 4.Execude by account $ vmware 5. patch vmmon and vmnet $ tar zxvf w16.2.3-k5.18.tar.gz  $ cd  vmware-host-modules-w16.2.3-k5.18 $ tar cvf vmnet.tar  vmnet-only && sudo cp vmnet.tar /usr/lib/vmware/modules/source/ $ tar cvf vmmon.tar vmmon-only && sudo cp vmmon.tar /usr/lib/vmware/modules/source/ $ sudo vmware-modconfig --console --install-all                   6. Execute by account Lauch vmware
閱讀完整內容