firewalld rich language allows an administrator to easily configure more complex firewall rules without having knowledge of the
iptables syntax. This can include logging and examination of the source address.
To add a rule to allow NTP connection on the default zone, but logging the connection at no more than 1 per minute, use the following command:
# firewall-cmd --permanent \ --add-rich-rule='rule service name="ntp" audit limit value="1/m" accept' # firewall-cmd --reload
Similarly, we can add a rule that only allows access to the squid service from one subnet only:
# firewall-cmd --permanent \ --add-rich-rule='rule family="ipv4" \ source address="126.96.36.199/24" service name="squid" accept' # firewall-cmd --reload
From the ...