Block all incoming connections, except certain subnet

vinmansbrew

New Member, joined Jul 1, 2024
I am running RHEL 8.10, using firewalld.
I want to add a rule that blocks all incoming traffic, except a certain network. For example, I only want to allow connections from 122.122.0.0/24, while blocking all others. I don't know if specifying services matters, but the server needs to allow 443 (https) internally.

I've tried adding rules to different zones such as exclude. I can't seem to find the combo that blocks everything but 122.122.0.0/24.
I've even looked into rich rules. I haven't found a direct rule, either. I thought I would, since I've used a direct rule to block all traffic leaving the server, except to certain subnets.

I assume this would be possible?
 


I know nothing about firewalld, but this is usually done by blocking all by default globally (not a rule) and then adding allow rules.

According to the article below, what you probably need is to assign your interface to the "block" zone and then add allow rules to it.
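Putting the reply above into firewall-cmd commands, as an added example that is not code from this thread: a source-bound zone for the allowed subnet with only https permitted, and the interface placed in the built-in drop zone so everything else is discarded. The zone name mgmt, the interface eth0 and the FIREWALL_CMD dry-run hook are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds a firewalld allow-list on
# RHEL 8: inbound traffic is dropped unless it comes from ALLOWED_NET, and that
# network may only reach https. ZONE, IFACE and FIREWALL_CMD are assumed values.
set -e

ALLOWED_NET="${ALLOWED_NET:-122.122.0.0/24}"   # the one network allowed in
ZONE="${ZONE:-mgmt}"                            # zone that holds the allow rules
IFACE="${IFACE:-eth0}"                          # interface the traffic arrives on
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"    # set to "echo" for a dry run

fw() { "$FIREWALL_CMD" "$@"; }

configure_inbound_allowlist() {
    # 1. A zone whose only member is the allowed source subnet. firewalld
    #    matches source-bound zones before interface-bound ones, so packets
    #    from ALLOWED_NET land here and nothing else does.
    fw --permanent --get-zones | grep -qw "$ZONE" || fw --permanent --new-zone="$ZONE"
    fw --permanent --zone="$ZONE" --add-source="$ALLOWED_NET"

    # 2. What that subnet may reach. Add ssh here as well if you administer
    #    the box over the network, otherwise the reload below locks you out.
    fw --permanent --zone="$ZONE" --add-service=https

    # 3. Everyone else hits the interface's zone. The built-in "drop" zone
    #    silently discards inbound packets and still allows the server's own
    #    outbound connections; "block" would reject with an ICMP error instead.
    fw --set-default-zone=drop
    fw --permanent --zone=drop --change-interface="$IFACE"

    # 4. Activate and show the result: IFACE under drop, ALLOWED_NET under ZONE.
    fw --reload
    fw --get-active-zones
}

# Run as "sh allowlist.sh apply"; prefix with FIREWALL_CMD=echo to only print
# the commands that would be issued.
if [ "${1:-}" = "apply" ]; then
    configure_inbound_allowlist
fi
```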
 
I've tried something similar, but I'm missing something. Seems to me this should be a fairly common thing, but perhaps not.
Thanks
 
It's very simple if you use nftables instead of a high-level firewall such as firewalld.

Although it takes reading wikis and practice to be good with nftables, I use it myself and can do whatever I want with it.
 
