Comments on: How to Open Port for a Specific IP Address in Firewalld

By: Ayuk ROLAND AGBOR

Ayuk ROLAND AGBOR — Tue, 28 Mar 2023 17:58:16 +0000

In reply to Alex Chen. This is because the /32 subnet gives you only two usable ip addresses. So only 2 devices can try using the port whereas /20 has a whole subnet with more than 254 useable addresses.

By: Alex Chen

Alex Chen — Mon, 14 Nov 2022 01:52:03 +0000

In reply to Ravi Saive.

That didn’t work for me. I have to add ‘/32’ for a single IP.

By: Rashid Amin

Rashid Amin — Thu, 01 Sep 2022 05:53:14 +0000

This helped me restrict iSCSI to access the right way to a production storage server that I created from scratch.

By: Ravi Saive

Ravi Saive — Fri, 22 Jul 2022 05:51:36 +0000

In reply to Manu.

@Manu,

Adding source IP means, allowing access to this IP (source) address only…

By: Manu

Manu — Thu, 21 Jul 2022 07:51:59 +0000

When I just try adding a port using the command;

# firewall-cmd --add-port=80/tcp --permanent; firewall-cmd --reload

The port does add fine and is accessible from all ip’s even though the Sources in the Zones are empty.

[root@localhost ~]# firewall-cmd --list-all
ZABBIXHA (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3 enp0s8
sources:
services: high-availability
ports: 80/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Why is that so..? Any idea..? And what is the use of just adding a source like:

# firewall-cmd --add-source=192.XX.XX.XX --permanent