I'd accomplish this by adding sources to a zone. First check out which sources there are for your zone:

    firewall-cmd --permanent --zone=public --list-sources

If there are none, you can start to add them, this is your 'whitelist':

    firewall-cmd --permanent --zone=public --add-source=192.168.100.0/24
    firewall-cmd --permanent --zone=public --add-source=192.168.222.123/32

(That adds a whole /24 and a single IP, just so you have a reference for both a subnet and a single IP)

Set the range of ports you'd like open:

    firewall-cmd --permanent --zone=public --add-port=1-22/tcp
    firewall-cmd --permanent --zone=public --add-port=1-22/udp

    firewall-cmd --reload

And check your work:

    firewall-cmd --zone=public --list-all

Side note / editorial: It doesn't matter but I like the 'trusted' zone for a white-listed set of IPs in firewalld. You can make a further assessment by reading Red Hat's suggestions on choosing a zone.

Fedora FirewallD docs (fairly good, Fedora's been using firewalld for some while).

If you'd like to DROP packets outside this source, here's an example for dropping those outside the /24 I used as an example earlier, you can use rich rules for this, I believe.
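
An added example, not part of the answer above: a POSIX shell check over the output of `firewall-cmd --zone=public --list-all` that flags the case where the zone holding the whitelist sources also has an interface bound to it. It relies on firewalld's zone selection order (source binding first, then the interface's zone), so in that case the zone's open ports are also reachable from sources that are not listed. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Real use: firewall-cmd --zone=public --list-all | audit_whitelist_zone

# Print the value of one "  key: value" line from --list-all output on stdin.
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line); print line; exit
        }'
}

# Read --list-all output on stdin and print one verdict:
#   NO_WHITELIST  zone has no source bindings
#   OPEN_TO_ALL   zone also has an interface, so any source arriving on that
#                 interface is handled by this zone and sees its ports/services
#   SOURCE_ONLY   zone is entered only by the listed sources
audit_whitelist_zone() {
    out=$(cat)
    ifaces=$(printf '%s\n' "$out" | zone_field interfaces)
    sources=$(printf '%s\n' "$out" | zone_field sources)
    opened=$(printf '%s\n' "$out" | zone_field ports)$(printf '%s\n' "$out" | zone_field services)
    if [ -z "$sources" ]; then
        echo NO_WHITELIST
    elif [ -n "$ifaces" ] && [ -n "$opened" ]; then
        echo OPEN_TO_ALL
    else
        echo SOURCE_ONLY
    fi
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_SHARED='public (active)
  target: default
  interfaces: eth0
  sources: 192.168.100.0/24 192.168.222.123/32
  services: dhcpv6-client ssh
  ports: 1-22/tcp 1-22/udp
  forward-ports:'
SAMPLE_SOURCE_ONLY='trusted (active)
  target: ACCEPT
  interfaces:
  sources: 192.168.100.0/24 192.168.222.123/32
  services:
  ports:'

printf '%s\n' "$SAMPLE_SHARED" | audit_whitelist_zone       # OPEN_TO_ALL
printf '%s\n' "$SAMPLE_SOURCE_ONLY" | audit_whitelist_zone  # SOURCE_ONLY
```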