{"id":880,"date":"2015-06-13T11:51:27","date_gmt":"2015-06-13T18:51:27","guid":{"rendered":"http:\/\/blog.ls-al.com\/?p=880"},"modified":"2015-06-13T11:55:03","modified_gmt":"2015-06-13T18:55:03","slug":"firewalld-rich-rule","status":"publish","type":"post","link":"https:\/\/blog.ls-al.com\/firewalld-rich-rule\/","title":{"rendered":"Firewalld Rich Rule"},"content":{"rendered":"<p>To add a so called rich rule to firewalld I did the following.<\/p>\n<p>Check existing rules after a recent upgrade to Fedora 22.  55555\/tcp was a custom app not Fedora default. <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# firewall-cmd --get-default-zone\r\nFedoraServer\r\n\r\n# firewall-cmd --zone=FedoraServer --list-all\r\nFedoraServer (default)\r\n  interfaces:\r\n  sources:\r\n  services: cockpit dhcpv6-client http smtp ssh\r\n  ports: 55555\/tcp\r\n  masquerade: no\r\n  forward-ports:\r\n  icmp-blocks:\r\n  rich rules:\r\n<\/pre>\n<p>Lets remove some rules.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# firewall-cmd --permanent --zone=FedoraServer --remove-port=55555\/tcp\r\nsuccess\r\n# firewall-cmd --permanent --zone=FedoraServer --remove-service=cockpit\r\nsuccess\r\n# firewall-cmd --permanent --zone=FedoraServer --remove-service=dhcpv6-client\r\nsuccess\r\n<\/pre>\n<p>Add custom rule non-permanent.<br \/>\n** Note x.x.x.x is a placeholder for a real public IP.  Most likely you won't need a public IP but a non-routable Class C or B on your internal network.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# firewall-cmd --zone=FedoraServer --add-rich-rule=&quot;rule family=&quot;ipv4&quot; source address=&quot;x.x.x.x\/32&quot; port protocol=&quot;tcp&quot; port=&quot;55555&quot; accept&quot;\r\nsuccess\r\n<\/pre>\n<p>Or if you need it permanently added remember to use --permanent.<\/p>\n<p>Restart the firewall.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# systemctl restart firewalld.service\r\n<\/pre>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# firewall-cmd --zone=FedoraServer --list-all\r\nFedoraServer (default)\r\n  interfaces:\r\n  sources:\r\n  services: http smtp ssh\r\n  ports:\r\n  masquerade: no\r\n  forward-ports:\r\n  icmp-blocks:\r\n  rich rules:\r\n        rule family=&quot;ipv4&quot; source address=&quot;x.x.x.x\/32&quot; port port=&quot;55555&quot; protocol=&quot;tcp&quot; accept\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>To add a so called rich rule to firewalld I did the following. Check existing rules after a recent upgrade<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35,43],"tags":[],"class_list":["post-880","post","type-post","status-publish","format-standard","hentry","category-firewall","category-firewalld"],"_links":{"self":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/880","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/comments?post=880"}],"version-history":[{"count":0,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/posts\/880\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/media?parent=880"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/categories?post=880"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ls-al.com\/wp-json\/wp\/v2\/tags?post=880"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}