zone in firewalld rhel7

Hi guys,

Can you assign more than one zone per network interface? This question might be stupid, but I was just wondering.

Also, if you want to assign a service to a zone, but restrict access to that service from a specific source, how will that be accomplished?

What I am asking here is this:

  1. You have a zone assigned to an interface
  2. You have a bunch of services assigned to the zone (anyone can access those services)
  3. You add a new service to that zone, but you don't want everyone to access that service. You want only traffic from 10.0.0.0/24.

Thanks guys

Responses

Hello Arrey

You cannot assign an interface to more than one zone. If you could, the firewall would not know how to treat the packets.

Firewall for RHEL7 is documented in the RHEL7 Security Guide.

I'll take a look now in the guide and see if I can be of more help for your other questions.

Thank you

In Configuring Complex Firewall Rules with the "Rich Language" Syntax there is a subsection "Understanding the Rich Rule Commands". There is a source command where it says "origin of a connection attempt can be limited to the source address".

Is the service you want to restrict access to one of the services listed by:
firewall-cmd --get-services

Awesome. Thanks Stephen
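
The rich-rule approach pointed to in the responses above, written out as an added example that is not part of the original thread. The network 10.0.0.0/24 is the one from the question; the zone "public", the service "mysql", the helper function names and the APPLY dry-run switch are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. 10.0.0.0/24 is the network in the question;
# the zone "public" and service "mysql" are assumed sample values.

# Succeed only if $1 is a well-formed IPv4 CIDR (a.b.c.d/0-32).
valid_ipv4_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    _ip=${1%/*}; _len=${1#*/}
    case $_len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$_len" -le 32 ] || return 1
    case $_ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _oldifs=$IFS; IFS=.; set -- $_ip; IFS=$_oldifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# Dry run by default: print the command. APPLY=1 executes it (needs root).
_run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; return; fi
    _line=
    for _a in "$@"; do
        case $_a in *' '*) _a="'$_a'" ;; esac   # quote args containing spaces
        _line="$_line${_line:+ }$_a"
    done
    printf '%s\n' "$_line"
}

# Make SERVICE in ZONE reachable only from CIDR.
restrict_service_to_source() {
    _zone=$1; _svc=$2; _cidr=$3
    valid_ipv4_cidr "$_cidr" || { echo "bad IPv4 CIDR: $_cidr" >&2; return 2; }
    case $_svc in ''|*[!A-Za-z0-9_-]*) echo "bad service: $_svc" >&2; return 2 ;; esac
    _rule="rule family=\"ipv4\" source address=\"$_cidr\" service name=\"$_svc\" accept"
    # A plain service entry admits every source, so it must not stay in the zone.
    _run firewall-cmd --permanent --zone="$_zone" --remove-service="$_svc"
    _run firewall-cmd --permanent --zone="$_zone" --add-rich-rule="$_rule"
    _run firewall-cmd --reload
    _run firewall-cmd --zone="$_zone" --list-rich-rules   # confirm the rule is active
}

restrict_service_to_source public mysql 10.0.0.0/24
```

The other services in the zone are left as they are and stay open to everyone; only the named service is moved from a plain service entry to a source-restricted rich rule.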