I have researched on here and Googled a lot of stuff but I cannot get an answer to blocking UPnP. One of our security scans declares UPnP is a vulnerability and to restrict access. I have been trying to come up with a set of firewall rules that will prevent all but a handful of IP addresses from being able to access port 5000.
I followed this [article][1] but I don't think it is complete. The zone I created looks like this:
```
indexer (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 10.x.x.1 10.x.x.2 10.x.x.3 10.x.x.4 10.x.x.5 10.x.x.6
  services:
  ports: 5000/tcp 5000/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
However, this does not feel right. First off, because the interface is not in this zone; it is in public:
```
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks: timestamp-reply timestamp-request
  rich rules:
        rule family="ipv4" port port="1900" protocol="tcp" reject
```
I know I would have to add ssh to the indexer zone and then move the interface to the indexer zone. However, I still do not know if that will work because I don't know what would reject the rest of the IP addresses from accessing those ports.
[1]: https://www.tecmint.com/open-port-for-specific-ip-address-in-firewalld/
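The zone layout in the question, worked through as an added example that is not part of the original post: a simplified Python model of how firewalld chooses a zone for an inbound packet (source bindings take precedence over interface bindings, then the default zone) and what a zone with `target: default` does with traffic that no port, service or rich rule allows. The six `10.0.0.x` addresses stand in for the redacted `10.x.x.1`-`10.x.x.6`, `ssh` is assumed to have been added to `indexer` as the question proposes, and `public` is assumed to be the default zone.

```python
# Simplified model of firewalld zone selection and zone verdicts (added example,
# not firewalld code). Source bindings are matched first, then interface
# bindings, then the default zone; a zone with target "default" rejects
# anything its ports, services and rich rules do not accept.
from ipaddress import ip_address, ip_network

# Constructed zones mirroring the question's two zones.
ZONES = {
    "indexer": {
        "sources": [f"10.0.0.{i}" for i in range(1, 7)],  # placeholder for 10.x.x.1-6
        "interfaces": [],
        "ports": {("5000", "tcp"), ("5000", "udp")},
        "services": {"ssh"},           # assumed: added as the question proposes
        "reject_rules": set(),
    },
    "public": {
        "sources": [],
        "interfaces": ["ens192"],
        "ports": set(),
        "services": {"ssh", "dhcpv6-client"},
        "reject_rules": {("1900", "tcp")},   # the rich rule from the question
    },
}
DEFAULT_ZONE = "public"  # assumed
SERVICE_PORTS = {"ssh": ("22", "tcp"), "dhcpv6-client": ("546", "udp")}


def select_zone(src_ip, iface):
    """Pick the zone firewalld would use: source binding, then interface, then default."""
    for name, zone in ZONES.items():
        if any(ip_address(src_ip) in ip_network(s) for s in zone["sources"]):
            return name
    for name, zone in ZONES.items():
        if iface in zone["interfaces"]:
            return name
    return DEFAULT_ZONE


def verdict(src_ip, iface, port, proto):
    """Return (zone, decision) for an inbound packet to port/proto on iface."""
    name = select_zone(src_ip, iface)
    zone = ZONES[name]
    if (port, proto) in zone["reject_rules"]:
        return name, "reject"                     # explicit rich rule wins
    allowed = zone["ports"] | {SERVICE_PORTS[s] for s in zone["services"]}
    if (port, proto) in allowed:
        return name, "accept"
    return name, "reject"                         # target "default": drop the rest
```

Under this model the interface can stay in `public`: a packet from a listed source lands in `indexer` where 5000 is open, while a packet from any other address falls through to `public`, where 5000 is not open and the zone's default target rejects it.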