open all ports to specific IP with firewalld

user99201 asked:

I’m on a red hat 7 machine, and I need to open all ports to a specific IP on the firewall.

I tried this command:

firewall-cmd --permanent --zone=public --add-rich-rule='   rule family="ipv4"   source address="64.39.96.0/20"   port protocol="tcp" port="*" accept'

But I’m getting an invalid port error for the *.

Does anyone know how to do this correctly?

My answer:


Use a firewalld zone for this. Zones can be specified either by interface or by source IP address.

In fact, by default, a zone which accepts all traffic already exists, and it is named trusted. By default, though, nothing is in this zone. So, you don’t even need to create a zone, just add the IP address to the trusted zone.

firewall-cmd --zone=trusted --add-source=64.39.96.0/20

In addition to CIDR ranges, you can specify single IP addresses or ipset names prefixed with ipset:.

After this, all traffic from the specified addresses will be allowed on any port. Remember to make it permanent, either by repeating the command with --permanent appended, or by running firewall-cmd --runtime-to-permanent.
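As an added example (not part of the original answer), here is the same operation wrapped in the checks an administrator would want around it: validating the source syntax, handling the case where the source is already bound to another zone (a source can belong to only one zone, so a plain --add-source then fails with a zone conflict), persisting the change, and listing what the trusted zone now accepts from. The FIREWALL_CMD variable is an assumption so the logic can be exercised without a live firewalld; it defaults to firewall-cmd.

```shell
#!/bin/sh
# Added example: bind a source to the firewalld "trusted" zone with the
# surrounding checks. FIREWALL_CMD is an assumption (defaults to firewall-cmd).
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Accept the three source forms firewalld takes: a single IPv4 address,
# an IPv4 CIDR range, or an ipset reference prefixed with "ipset:".
# This is only a plausibility check; firewall-cmd does the real parsing.
validate_source() {
    case "$1" in
        ipset:?*) return 0 ;;           # ipset:name
        ''|*[!0-9./]*) return 1 ;;      # empty, or characters outside 0-9 . /
        *.*.*.*/*) return 0 ;;          # CIDR range such as 64.39.96.0/20
        *.*.*.*) return 0 ;;            # single address such as 64.39.96.1
        *) return 1 ;;
    esac
}

# Put a source into the trusted zone. If it is already bound to a different
# zone, move it with --change-source instead of --add-source, which would
# otherwise be rejected because a source may only belong to one zone.
trust_source() {
    src="$1"
    validate_source "$src" || { echo "rejecting malformed source: $src" >&2; return 1; }
    current="$("$FIREWALL_CMD" --get-zone-of-source="$src" 2>/dev/null || true)"
    if [ -z "$current" ] || [ "$current" = "no zone" ]; then
        "$FIREWALL_CMD" --zone=trusted --add-source="$src"
    elif [ "$current" = "trusted" ]; then
        echo "$src is already in the trusted zone" >&2
    else
        "$FIREWALL_CMD" --zone=trusted --change-source="$src"
    fi
    # Persist the runtime change so it survives a reload or reboot.
    "$FIREWALL_CMD" --runtime-to-permanent
    # Audit: every source listed here is allowed on every port.
    "$FIREWALL_CMD" --zone=trusted --list-sources
}
```

Run as root with, for example, trust_source 64.39.96.0/20; the final --list-sources line is the thing to review, since everything it prints bypasses the rest of the firewall.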


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.