How to add multiple source addresses as a rich rule via firewalld?
Issue
- I would like to add more than one source address as a rich rule; however, only the last address specified is taken into consideration.
- For example, with the command below only Y.Y.Y.Y/Y and port BB are accepted:
# firewall-cmd --add-rich-rule='rule family=ipv4 source address=X.X.X.X/X address=Y.Y.Y.Y/Y port port=AA port=BB protocol=tcp log prefix="test" level="notice" accept'
# cat /etc/firewalld/zones/drop.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>Drop</short>
  <description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
  <rule family="ipv4">
    <source address="Y.Y.Y.Y/Y"/>
    <port port="BB" protocol="tcp"/>
    <log prefix="test" level="notice"/>
    <accept/>
  </rule>
</zone>
Environment
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
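The firewalld rich language accepts a single source element and a single port element per rule, which matches the zone file above keeping only the last value of each. The following is an added example, not part of the original article: it generates one rich rule per source/port pair. The addresses and ports are constructed sample values, and the function names and the `APPLY` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: emit one rich rule per (source, port) pair, because a
# single rich rule holds only one source and one port element.
# SOURCES and PORTS are constructed sample values (documentation ranges).
SOURCES="192.0.2.0/24 198.51.100.0/24"
PORTS="8080 8443"

# Print one rich-rule string per source/port combination, one per line.
# $1: space-separated source networks, $2: space-separated TCP ports.
build_rich_rules() {
    for src in $1; do
        for port in $2; do
            printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" log prefix="test" level="notice" accept\n' "$src" "$port"
        done
    done
}

# Apply the rules to the default zone only when APPLY=1 is set;
# otherwise print the firewall-cmd commands so they can be reviewed first.
apply_rich_rules() {
    build_rich_rules "$1" "$2" | while IFS= read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            firewall-cmd --add-rich-rule="$rule"
        else
            printf "firewall-cmd --add-rich-rule='%s'\n" "$rule"
        fi
    done
}

apply_rich_rules "$SOURCES" "$PORTS"
```

After applying, `firewall-cmd --list-rich-rules` should show four separate rules, each with exactly one source address and one port.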