Score:0

firewall-cmd - adding 0.0.0.0/0 as a source in one zone blocks more specific access in another zone

uz flag

I have two firewalld zones configured as follows:

zone: ssh-access
source: 1.2.3.4
ports: 9999/tcp

zone: other-access
source: 5.6.7.8
ports: 8888/tcp

We temporarily want to unrestrict access to the ssh-access zone on port 9999/tcp so we replace the source so that zone is configured as follows:

zone: ssh-access
source: 0.0.0.0/0
ports: 9999/tcp

This has the desired effect for the ssh-access zone.

However, once we do that, the source 5.6.7.8 for zone other-access fails to communicate over port 8888/tcp until the 0.0.0.0/0 source for ssh-access is reverted back to its original value.

I feel like I'm overlooking something simple...

tl;dr: we want to allow any source to communicate over port 9999/tcp but keep it restricted to the defined source for port 8888/tcp.

Score:0
uz flag

So, perhaps somewhat obviously, this does what I want it to do.

firewall-cmd --zone=public --add-port=9999/tcp

It means I don't have to change anything in the ssh-access zone, and the public zone won't interfere with anything.

Going to call this solved now.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.