[CentOS] firewalld rule syntax

2015-11-17 Thread Nick Bright
I'm still learning firewalld obviously, and I am having trouble grokking the documentation to understand how to do this. I know I could do an iptables direct, but that doesn't seem like the "right" way to do it. What I'm trying to do is allow a specific service, only for a specific IP.

Re: [CentOS] firewalld rule syntax

2015-11-17 Thread Nick Bright
On 11/17/2015 11:12 AM, Nick Bright wrote:
firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
firewall-cmd --zone=monitoring --add-service=snmp
firewall-cmd --zone=monitoring --add-interface=ens192
firewall-cmd --runtime-to-permanent
I went ahead and tried this and found that the zone and

Re: [CentOS] firewalld rule syntax

2015-11-17 Thread Clint Dilks
However, at the end
> firewall-cmd --zone=monitoring --add-interface=ens192
>
> This results in a zone conflict. I'm not sure if it's even possible to
> have two zones on the interface.
>
Hi Nick, I don't believe an interface can belong to multiple zones. Instead I think you want a rich rule,

Re: [CentOS] firewalld rule syntax

2015-11-17 Thread Nick Bright
On 11/17/2015 1:20 PM, James Hogarth wrote: A zone applies to a source network or interface. Have a flick through: https://www.hogarthuk.com/?q=node/9 Surprised SNMP isn't already defined as a service in /usr/lib/firewalld/services Perhaps snmpd? Don't have a system to hand to check. I

Re: [CentOS] firewalld rule syntax

2015-11-17 Thread James Hogarth
On 17 Nov 2015 17:30, "Nick Bright" wrote:
>
> On 11/17/2015 11:12 AM, Nick Bright wrote:
>>
>> firewall-cmd --zone=monitoring --add-source=1.2.3.4/32
>> firewall-cmd --zone=monitoring --add-service=snmp
>> firewall-cmd --zone=monitoring --add-interface=ens192
>>