Using firewall-cmd rich rules to whitelist IP Address Range

For basic firewall-cmd Using firewall-cmd in CentOS 7

For starting and stopping firewalld service Disable FirewallD Services on CentOS 7

Firewall Rich Rules are additional feature of firewalld that allows you to create most sophisticated firewall rules.

Option 1a: To add a rich rule to allow a subnet to be whitelist

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" accept'

Option 1b: To add a rule rule to allow a service to be whitelist

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="ssh" accept'

 

Option 1c: To remove a rich rule to allow a subnet to be whitelist

# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" accept'

Option 2a: To add log entry

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24 port port="22" protocol="tcp" log prefix="Firewall Rich Rule Log" level="notice" accept'

Option 3a: Port Forwarding

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24 port port="22" protocol="tcp" log prefix="Firewall Rich Rule Log " level="notice" forward-port port="11111" to-port="22" accept'

Option 3b: Testing

# ssh -p 11111 admin@myip.com

Spectrum Scale Solutions

  1. NVMe storage via RDMA storage via E8, Excelero
    Lowest-Latency Distributed Block Storage for IBM Spectrum Scale
    Excelero NVMesh, Lowest-Latency Distributed Block Storage for IBM Spectrum Scale
  2. Community server + Spectrum Scale Erasure coding
    IBM Spectrum LSF and IBM Spectrum Scale User Group Erasure Code Edition
  3. IBM ESS NVMe edition (going to be released in this Q4)
    https://www.ibm.com/downloads/cas/MNEQGQVP
    https://www.spectrumscaleug.org/wp-content/uploads/2019/05/SSSD19DE-Day-1-03-IBM-Spectrum-Storage-for-AI-with-Nvidia-DGX.pdf
  4. Existing IBM ESS
    Accelerate with IBM Storage: Building and Deploying Elastic Storage Server (ESS)