Useful ‘FirewallD’ Rules to Configure and Manage Firewall in Linux

Page 1 of 212

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.95/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Babin Lonston

I'm Working as a System Administrator for last 10 year's with 4 years experience with Linux Distributions, fall in love with text based operating systems.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

12 Responses

  1. Naushad Ahmad says:

    Hi, I want to know if I could add certain I.P.s (approx 5 I.P.s) to access my Linux Server using SSH so that no one except those I.P.s would be able to access the server. I don’t want to use rich-rule. How can I do that?

    My server is RHEL 7.4.

    • Hi Naushad,

      Yes, you can add alias IP for a single NIC, or you can add those individual IP for separate NIC’s to access the server. Kindly follow below article for the same requirement.

      https://www.tecmint.com/create-multiple-ip-addresses-to-one-single-network-interface/

      Thanks & Regards,
      Babin Lonston

      • Naushad Ahmad says:

        Thanks Babin ..

      • Naushad Ahmad says:

        Babin,

        I followed the url you have provided in your above comment. Looking at that I think I was not able to brief my problem.

        Actually I have a Linux server on a network. I have 100s of other computers (running windows) on the same network. All of them can access my server but I want to allow only 5 I.P.s (i.e. 5 other computers) which are on the same network to access my Linux server using ssh. So I want to set up a firewall-cmd rule so that apart from those 5 I.P.s no one on the network would be able to access my Linux server. How can I do that?

        Once again thanks for your earlier response.

        • @Naushad,

          We assume your 5 IP’s are in 192.168.1.x range.

          # firewall-cmd --zone=public --add-source=192.168.1.1
          # firewall-cmd --zone=public --add-port=22/tcp
          # firewall-cmd --zone=public --add-source=192.168.1.2
          # firewall-cmd --zone=public --add-port=22/tcp
          # firewall-cmd --zone=public --remove-interface=eno16777728
          # firewall-cmd --reload
          

          Thanks & Regards,
          Babin Lonston

          • Naushad Ahmad says:

            Thanks Babin for your kind response. Now I have got it. Doing this will automatically block all the other users except those which are added by add- source option, right?

            But I didn’t get why I need to remove my interface.

  2. Oppa says:

    Is it possible to add networks like 172.5.0.0/24?

  3. Orion Poplawski says:

    Note that fail2ban does not monitor any services by default, so simply installing it will achieve nothing without configuring it.

  4. Christian Francis says:

    Observo que se hace referencia al bloqueo de un IP pero lo único que se bloquea es el acceso a servidor sin embargo pueden navegar al internet usando como puerta de enlace el servidor.

    ¿ Cuál sería la forma de bloquear un IP para que no navegue a través del servidor?.

    ============

    I note that referred to the blockade of IP, but the only thing that is blocking access to server but can browse the internet using Gateway as the server.

    What would be the way to block an IP to not navigate through the server ?.

  5. ibon says:

    Thanks a million for your really great tutorials.
    Although I am having a problem blocking ICMP . I get ‘yes’‘, that means there is a icmp block applied, and it’s enabled. However, when I –zone e=external –list-all there are no entries for icmp-blocks: (empty).
    Using Fedora 21 Workstation. Thanks again for your invaluable articles.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *