For basic firewall-cmd usage, see: Using firewall-cmd in CentOS 7
For starting and stopping the firewalld service, see: Disable FirewallD Services on CentOS 7
Firewall rich rules are an additional feature of firewalld that lets you create more sophisticated firewall rules than the basic zone, service and port options allow.
Option 1a: To add a rich rule that whitelists a subnet for a port
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" accept'
Option 1b: To add a rich rule that whitelists a subnet for a service
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="ssh" accept'
Option 1c: To remove the rich rule that whitelists a subnet for a port
# firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" accept'
Option 2a: To add a log entry for each connection the rule matches (note that every attribute value must be closed with a quote, otherwise firewall-cmd rejects the rule)
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" log prefix="Firewall Rich Rule Log" level="notice" accept'
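As an added example (not part of the original post), a small POSIX shell function that summarises the kernel log lines the rule in Option 2a produces through its log prefix, so you can see which sources in the whitelisted subnet are actually reaching port 22; the sample log lines, the PREFIX variable and the function name are constructed for this example.

```shell
#!/bin/sh
# Summarise firewalld rich-rule log lines (iptables LOG target format) by source and port.
# The prefix is the one set in the rich rule above; everything else here is constructed.
PREFIX="Firewall Rich Rule Log"

# Constructed sample of what `journalctl -k` or /var/log/messages would show.
# Two attempts from 192.168.1.10, one from 192.168.1.77, plus an unrelated sshd line.
SAMPLE_LOG='Mar 10 10:01:02 host kernel: Firewall Rich Rule Log IN=eth0 OUT= MAC=... SRC=192.168.1.10 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 SYN URGP=0
Mar 10 10:01:05 host kernel: Firewall Rich Rule Log IN=eth0 OUT= MAC=... SRC=192.168.1.10 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=51001 DPT=22 WINDOW=29200 SYN URGP=0
Mar 10 10:01:09 host kernel: Firewall Rich Rule Log IN=eth0 OUT= MAC=... SRC=192.168.1.77 DST=192.168.1.5 LEN=60 PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 SYN URGP=0
Mar 10 10:01:12 host sshd[2211]: Accepted publickey for admin from 192.168.1.10 port 51001 ssh2'

# Print "count SRC DPT" for every source/destination-port pair the rich rule logged,
# highest count first. $1 is a file holding log lines.
summarize_rich_rule_log() {
    grep -F "$PREFIX" "$1" | awk '
        {
            src = ""; dpt = ""
            # Walk the key=value fields and pick out the source address and destination port
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Usage: write the constructed sample to a temporary file and summarise it
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$tmp"
summarize_rich_rule_log "$tmp"
rm -f "$tmp"
```

On a real host, replace the sample file with the output of `journalctl -k` to get the same summary for live traffic.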
Option 3a: Port forwarding (forward TCP port 11111 to local port 22; a forward-port element must carry its own protocol, cannot be combined with a separate port element, and takes no accept/reject action)
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" forward-port port="11111" protocol="tcp" to-port="22" log prefix="Firewall Rich Rule Log " level="notice"'
Option 3b: Testing the forwarded port from a host in the whitelisted subnet
# ssh -p 11111 admin@myip.com
Hello, sorry for intruding. May I ask how to do whitelisting in an SFTP environment? Do I have to disable it, since when I use it I can't test whether my whitelist process was successful or not? I tried it, but the whitelist was in SSH and my testing account was SFTP. The access was denied since only SFTP connections were allowed.