Using CentOS Firewall how to assign multiple IPs to a Port?

mcv asked:

Setting up a new zone, with a port that has restricted access to an IP address. How does one apply this to more than one IP?

$ firewall-cmd --permanent --new-zone=special
$ firewall-cmd --permanent --zone=special --add-rich-rule='
  rule family="ipv4"
  source address="123.1.1.1"
  port protocol="tcp" port="10050" accept'

Is source address allowed an array of CSV? Is it defined like this?

source address="123.1.1.1","234.1.1.1"

My answer:


You don’t need a rich rule for this. It’s unnecessary and too complicated for what you want to do.

Just add the source IP addresses and desired ports to the zone directly.

For example:

firewall-cmd --zone=special --add-source=192.0.2.123
firewall-cmd --zone=special --add-source=198.51.100.7
firewall-cmd --zone=special --add-source=203.0.113.81

firewall-cmd --zone=special --add-port=10050/tcp

firewall-cmd --runtime-to-permanent

View the full question and answer on Server Fault.
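The same zone-based approach applied to an arbitrary list of addresses, as an added example that is not part of the original question or answer. The function names and the `FIREWALL_CMD` variable are assumptions of this example; it accepts plain IPv4 addresses only and assumes the zone already exists in the runtime configuration.

```shell
#!/bin/sh
# Added example: allow one port from several source IPs through a firewalld zone.
# FIREWALL_CMD is this example's own hook: set it to "echo firewall-cmd" for a
# dry run that prints the commands instead of executing them.
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
# Runs in a subshell so the IFS change and positional parameters stay local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# restrict_port ZONE PORT/PROTO IP...
# The zone must already be loaded: a zone created with --permanent --new-zone
# only appears in the runtime configuration after "firewall-cmd --reload".
restrict_port() {
    zone=$1
    port=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "no source addresses given" >&2; return 2; }
    case "$port" in
        [0-9]*/tcp|[0-9]*/udp) ;;
        *) echo "port must look like 10050/tcp: $port" >&2; return 2 ;;
    esac
    # Validate every address before changing anything, so a typo cannot
    # leave the zone half-configured.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    done
    for ip in "$@"; do
        $FIREWALL_CMD --zone="$zone" --add-source="$ip" || return 1
    done
    $FIREWALL_CMD --zone="$zone" --add-port="$port" || return 1
    # Persist the runtime changes, as in the answer above.
    $FIREWALL_CMD --runtime-to-permanent
}
```

Run `FIREWALL_CMD="echo firewall-cmd"` before calling `restrict_port special 10050/tcp 192.0.2.123 198.51.100.7` to review the commands first, then check the result with `firewall-cmd --zone=special --list-all`.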

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.