Learning RHEL Networking by Andrew Mallett

Using rich rules

The firewalld rich language lets an administrator configure more complex firewall rules without knowing the iptables syntax. A rich rule can, for example, log or audit matching connections and match on the source address of a packet.

To add a rule on the default zone that allows NTP connections and records them through the audit subsystem at no more than 1 entry per minute, use the following command:

# firewall-cmd --permanent \
--add-rich-rule='rule service name="ntp" audit limit value="1/m" accept'
# firewall-cmd --reload

Similarly, we can add a rule that allows access to the squid service from a single subnet only:

# firewall-cmd --permanent \
--add-rich-rule='rule family="ipv4" source address="192.166.0.0/24" service name="squid" accept'
# firewall-cmd --reload
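The two rules above are typed as one-off commands. The shell script below is an added example, not code from the book or from the firewalld project, that builds the same kind of rich rules from a function so that the whole rule always stays inside one quoted argument (a line continuation inside the single quotes would become part of the rule text and firewalld would reject it). It goes a little beyond the page: it validates the family and source address before the rule is built, applies the rule to more than one subnet, and skips rules that are already present. The function names build_rich_rule, build_audit_rule and apply_rich_rule, and the second subnet 10.20.0.0/16, are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book): generate and apply firewalld rich rules.
# build_rich_rule, build_audit_rule, apply_rich_rule and the 10.20.0.0/16
# sample subnet are assumptions made for this example.

# Print a rich rule that admits one service from one source subnet.
# Usage: build_rich_rule FAMILY SOURCE_CIDR SERVICE [ACTION]
build_rich_rule() {
    family=$1; src=$2; svc=$3; action=${4:-accept}
    case "$family" in
        ipv4|ipv6) ;;
        *) echo "build_rich_rule: family must be ipv4 or ipv6" >&2; return 1 ;;
    esac
    # Reject anything that is not an address or prefix character, so a stray
    # quote or extra keyword cannot change the meaning of the rule text.
    case "$src" in
        ""|*[!0-9a-fA-F:./]*) echo "build_rich_rule: bad source $src" >&2; return 1 ;;
    esac
    printf 'rule family="%s" source address="%s" service name="%s" %s\n' \
        "$family" "$src" "$svc" "$action"
}

# Print a rule that accepts a service and records matches in the audit log,
# rate-limited to RATE (default 1 per minute, as in the book's NTP rule).
# Usage: build_audit_rule SERVICE [RATE]
build_audit_rule() {
    svc=$1; rate=${2:-1/m}
    printf 'rule service name="%s" audit limit value="%s" accept\n' "$svc" "$rate"
}

# Add one rule to the permanent config and reload, unless it is already there.
# The rule is passed as a single argument, so no re-quoting can break it.
apply_rich_rule() {
    rule=$1
    if firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null 2>&1; then
        echo "already present: $rule"
        return 0
    fi
    firewall-cmd --permanent --add-rich-rule="$rule" && firewall-cmd --reload
}

main() {
    # Constructed sample: squid reachable only from these two subnets.
    for net in 192.166.0.0/24 10.20.0.0/16; do
        rule=$(build_rich_rule ipv4 "$net" squid) || exit 1
        apply_rich_rule "$rule"
    done
    # NTP accepted from anywhere, audited at most once per minute.
    apply_rich_rule "$(build_audit_rule ntp 1/m)"
    firewall-cmd --list-rich-rules
}

# Only touch the firewall on a host that actually has firewall-cmd.
if command -v firewall-cmd >/dev/null 2>&1; then
    main
fi
```

Run it as root on a firewalld host; on any other machine the functions are defined but nothing is applied, which makes the rule-building logic easy to check in isolation. The query before the add keeps the script idempotent, so it can be re-run from configuration management without duplicating rules.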

From the ...