FirewallD Sources

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I have 2 zones in my VPS:



iredmail (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: smtp smtp-submission pop3 pop3s imap imaps ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:


public (active)
target: default
icmp-block-inversion: no
interfaces:
sources: <MY_IP>
services: ssh dhcpv6-client http https
ports: 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:


I have the services http and https in the public zone and added "MY_IP" as the only source for this zone. I dont even have an interface for the public zone. When I try to connect to my http and https services with an IP that is not "MY_IP" I am able to do it. It is my understanding that if I add "MY_IP" as the only traffic source, "MY_IP" is the only one that is supposed to have access to the http and http services, if that is not the case, how can I prevent any traffic from a source other than "MY_IP" from reaching to the http and https services in the public zone? Thanks for the help.









share

























    up vote
    0
    down vote

    favorite












    I have 2 zones in my VPS:



    iredmail (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: smtp smtp-submission pop3 pop3s imap imaps ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    public (active)
    target: default
    icmp-block-inversion: no
    interfaces:
    sources: <MY_IP>
    services: ssh dhcpv6-client http https
    ports: 22/tcp
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    I have the services http and https in the public zone and added "MY_IP" as the only source for this zone. I dont even have an interface for the public zone. When I try to connect to my http and https services with an IP that is not "MY_IP" I am able to do it. It is my understanding that if I add "MY_IP" as the only traffic source, "MY_IP" is the only one that is supposed to have access to the http and http services, if that is not the case, how can I prevent any traffic from a source other than "MY_IP" from reaching to the http and https services in the public zone? Thanks for the help.









    share























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I have 2 zones in my VPS:



      iredmail (active)
      target: default
      icmp-block-inversion: no
      interfaces: eth0
      sources:
      services: smtp smtp-submission pop3 pop3s imap imaps ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:


      public (active)
      target: default
      icmp-block-inversion: no
      interfaces:
      sources: <MY_IP>
      services: ssh dhcpv6-client http https
      ports: 22/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:


      I have the services http and https in the public zone and added "MY_IP" as the only source for this zone. I dont even have an interface for the public zone. When I try to connect to my http and https services with an IP that is not "MY_IP" I am able to do it. It is my understanding that if I add "MY_IP" as the only traffic source, "MY_IP" is the only one that is supposed to have access to the http and http services, if that is not the case, how can I prevent any traffic from a source other than "MY_IP" from reaching to the http and https services in the public zone? Thanks for the help.









      share













      I have 2 zones in my VPS:



      iredmail (active)
      target: default
      icmp-block-inversion: no
      interfaces: eth0
      sources:
      services: smtp smtp-submission pop3 pop3s imap imaps ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:


      public (active)
      target: default
      icmp-block-inversion: no
      interfaces:
      sources: <MY_IP>
      services: ssh dhcpv6-client http https
      ports: 22/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:


      I have the services http and https in the public zone and added "MY_IP" as the only source for this zone. I dont even have an interface for the public zone. When I try to connect to my http and https services with an IP that is not "MY_IP" I am able to do it. It is my understanding that if I add "MY_IP" as the only traffic source, "MY_IP" is the only one that is supposed to have access to the http and http services, if that is not the case, how can I prevent any traffic from a source other than "MY_IP" from reaching to the http and https services in the public zone? Thanks for the help.







      linux centos networking firewalld





      share












      share










      share



      share










      asked 2 mins ago









      Fxbaez

      109228




      109228

























          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f479019%2ffirewalld-sources%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f479019%2ffirewalld-sources%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?