
If you are not familiar with firewalld and firewall-cmd, check out our Getting Started article.
Let's say you want to configure firewalld to only allow connections from IP addresses 192.168.0.1 through 192.168.0.254. First, use the --list-sources option to determine if firewalld is configured with any sources. If --list-sources returns no output, this means that firewalld is not configured with any sources.
firewall-cmd --list-sources
Or the --list-all option can be used to see if there are any sources.
~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
Here is how you would configure firewalld to only allow connections from IP addresses 192.168.0.1 through 192.168.0.254.
firewall-cmd --zone=public --add-source=192.168.0.0/24 --permanent
firewall-cmd --reload
The --check-config option can be used to ensure there are no configuration errors.
~]$ firewall-cmd --check-config
success
Now, --list-sources should return the following.
192.168.0.0/24
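And --list-all should contain 192.168.0.0/24 as well. In the output below, note that interfaces still lists eth0: firewalld matches a packet to a zone by its source address first and by its incoming interface second, so traffic arriving on eth0 from other addresses is still handled by the public zone and its ssh service.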
~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces: eth0
sources: 192.168.0.0/24
services: ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
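The following check is an added example, not part of the original article: it reads --list-all text and reports whether a zone is reached through an interface binding or through its source list alone. The function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the zone as shown above after adding the source.
SAMPLE_AFTER='public
target: default
interfaces: eth0
sources: 192.168.0.0/24
services: ssh'

# Constructed sample: the same zone with no interface bound to it.
SAMPLE_SOURCE_ONLY='public
target: default
interfaces:
sources: 192.168.0.0/24
services: ssh'

# zone_field NAME: print the value of the "NAME:" line from list-all text on stdin.
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            exit
        }'
}

# audit_zone TEXT: report how traffic reaches the zone described by TEXT.
audit_zone() {
    ifaces=$(printf '%s\n' "$1" | zone_field interfaces)
    srcs=$(printf '%s\n' "$1" | zone_field sources)
    if [ -n "$ifaces" ]; then
        # Any address arriving on these interfaces is also handled by this zone.
        echo "interface-bound:$ifaces"
    elif [ -n "$srcs" ]; then
        # Assumption: this is not the default zone, which also receives
        # traffic from interfaces that are not bound to any zone.
        echo "source-only:$srcs"
    else
        echo "unbound"
    fi
}

audit_zone "$SAMPLE_AFTER"
audit_zone "$SAMPLE_SOURCE_ONLY"
```

On a live host the same function can be fed real output, for example audit_zone "$(firewall-cmd --zone=public --list-all)".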