linux
slden, 2020-11-17 14:29:53

How to configure whiteList in firewalld?

Gentlemen, good afternoon!
Can you help me with firewalld?
Created a new zone, made it default and active.
Created an ipset list of addresses (forming a Whitelist).
Specified this ipset as source.
I restarted firewalld (specifying the permanent option everywhere), and when I look through netstat | grep EST* I see addresses NOT included in the ipset.
Maybe the connections need to be broken? Doesn't reloading firewalld break them?

Output of the --list-all command:

custom_zone (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: ipset:my_ipset
  services:
  ports: 8090/tcp 9191/tcp 22/tcp 3388/tcp 3377/tcp 4848/tcp 7676/tcp 3700/tcp 8181/tcp 9080/tcp 9081/tcp 8020/tcp 8021/tcp 7001/tcp 7002/tcp 1433/tcp 1521/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


1 answer(s)
Vladimir, 2020-11-17
@MechanID

Because there are already existing connections, and the first rule in INPUT is usually
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
so the traffic matched there and the connection keeps working.
Yes, you need to break the connections yourself.
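A worked version of the whole procedure, added here as an example rather than taken from the post or from firewalld's own documentation. It serves both halves of the thread: it builds the whitelist zone bound by source only (in the --list-all output above the zone is also bound to eth0, and an interface binding classifies every packet arriving on that interface into custom_zone whether or not its source is in the set, so the ports end up open to everyone), and then does the part the answer says a reload will not do for you: it finds ESTABLISHED peers outside the set and deletes their conntrack state. The zone and set names come from the post; the set entries 203.0.113.0/24 and 192.0.2.10, the port list and the use of drop as the default zone are assumptions for the example.

```shell
#!/bin/sh
# Added example, not code from the original post.  Builds a source-only
# whitelist zone and closes the connections that survived the reload.
# Assumed values: set entries 203.0.113.0/24 and 192.0.2.10, ports 22/8090/9191,
# default zone "drop".

WHITELIST_ZONE=custom_zone
WHITELIST_SET=my_ipset

# Step 1: zone selected by source only.  Do NOT --add-interface here: an
# interface binding would drop every packet arriving on eth0 into this zone
# regardless of its source, and the whitelist would open the ports to everyone.
configure_whitelist() {
    firewall-cmd --permanent --new-ipset="$WHITELIST_SET" --type=hash:net
    firewall-cmd --permanent --ipset="$WHITELIST_SET" --add-entry=203.0.113.0/24
    firewall-cmd --permanent --ipset="$WHITELIST_SET" --add-entry=192.0.2.10
    firewall-cmd --permanent --new-zone="$WHITELIST_ZONE"
    firewall-cmd --permanent --zone="$WHITELIST_ZONE" --add-source="ipset:$WHITELIST_SET"
    for port in 22 8090 9191; do
        firewall-cmd --permanent --zone="$WHITELIST_ZONE" --add-port="$port/tcp"
    done
    # Packets that match no source binding fall through to the default zone,
    # so the default zone is what actually rejects non-whitelisted hosts.
    firewall-cmd --set-default-zone=drop
    firewall-cmd --reload
}

# Step 2 helpers: IPv4 prefix matching in plain POSIX sh, so peers can be
# tested against the set's entries without the ipset tool (with firewalld's
# nftables backend the set is an nft set and "ipset test" cannot see it).
ip4_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP PREFIX  -> exit 0 if IP lies inside PREFIX (a bare address is /32)
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    [ "$net" = "$2" ] && bits=32
    mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$1") & mask )) -eq $(( $(ip4_to_int "$net") & mask )) ]
}

# untrusted_peers "PEER ..." ENTRY...  -> prints each peer matched by no entry
untrusted_peers() {
    peers=$1; shift
    for peer in $peers; do
        trusted=0
        for entry in "$@"; do
            if in_cidr "$peer" "$entry"; then trusted=1; break; fi
        done
        [ "$trusted" -eq 1 ] || echo "$peer"
    done
}

# Step 3: the part the reload does not do.  Read the live set entries, list
# ESTABLISHED TCP peers (IPv4 only) and delete the conntrack state of every
# peer outside the set; its next packet is then re-evaluated against the zones
# (original-direction source, i.e. inbound connections) and dropped.
prune_untrusted() {
    entries=$(firewall-cmd --ipset="$WHITELIST_SET" --get-entries)
    peers=$(ss -Htn state established | awk '{ print $4 }' \
            | sed 's/:[0-9]*$//' | grep -E '^[0-9.]+$' | sort -u)
    for peer in $(untrusted_peers "$peers" $entries); do
        echo "closing state for $peer"
        conntrack -D -s "$peer" >/dev/null 2>&1 || true
    done
}

# Usage (as root):  configure_whitelist && prune_untrusted
```

Deleting the conntrack entry makes the peer's next packet look like a new flow, which the default zone drops, so the client sees a timeout rather than a reset; on kernels built with CONFIG_INET_DIAG_DESTROY, `ss -K dst <peer>` closes the socket with a RST instead. The matching helpers handle IPv4 only; IPv6 peers are filtered out before matching.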
