Answer the question
In order to leave comments, you need to log in
S
S
slden2020-11-17 14:29:53
slden, 2020-11-17 14:29:53
How to configure whiteList in firewalld?
Gentlemen, good afternoon!
Can you tell me with firewalld?
Created a new zone, made it default and active.
Created an ipset list of addresses (forming a Whitelist).
Specified this ipset as source.
I rebooted firewalld (while specifying the permanent option everywhere), I look through netstat | grep EST* see addresses NOT included in ipset.
Maybe you need to break the connection? Reloading firewalld doesn't break them?
Output of --list-all command:
custom_zone(active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources: ipset:my_ipset
services:
ports: 8090/tcp 9191/tcp 22/tcp 3388/tcp 3377/tcp 4848/tcp 7676/tcp 3700/tcp 8181/tcp 9080/tcp 9081/tcp 8020/tcp 8021/tcp 7001/tcp 7002/tcp 1433/tcp 1521/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: 1 answer(s)
@MechanID
V
Vladimir, 2020-11-17 @MechanID
Because there are already connections, and the first rule in INPUT is usually
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Accordingly, the traffic got there and the connection continues to work.
Yes - you need to break the connections yourself.
Similar questions
C
C
S
K
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question