#+title: Firewalld
#+setupfile: ../org-templates/page.org

** Allow connections only from certain IP addresses

Source: [[https://serverfault.com/a/798120][FirewallD: Allow connections only from certain IP addresses]]

- Do not use rich rules for this.
- A firewalld zone corresponds to a set of services that you want to allow, and the sources of the traffic to those services.
- Traffic sources can be designated in two ways: by interface, or by source IP address. Traffic that matches /any/ source passes this check.

Create a new zone for Kali Linux IP addresses:

#+begin_src shell
# Define the zone in the permanent configuration, then load it into the runtime
sudo firewall-cmd --permanent --new-zone=kali
sudo firewall-cmd --reload
#+end_src

Enable the services allowed for the kali zone:

#+begin_src shell
sudo firewall-cmd --zone=kali --permanent --add-service=ssh
sudo firewall-cmd --zone=kali --permanent --add-service=rsyncd
sudo firewall-cmd --reload
#+end_src

Add the IP addresses allowed to reach the above services. Ensure that no interfaces are assigned to this zone.

#+begin_src shell
# One --add-source per allowed address
sudo firewall-cmd --zone=kali --permanent --add-source=
sudo firewall-cmd --zone=kali --permanent --add-source=
sudo firewall-cmd --zone=kali --permanent --add-source=
sudo firewall-cmd --zone=kali --permanent --add-source=
sudo firewall-cmd --reload
#+end_src
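
To confirm the result of the steps above, the following added example (not part of the original notes or the linked answer) audits =firewall-cmd --zone=kali --list-all= output: no interfaces bound, at least one source, the expected services enabled. It goes one step beyond the page by also reporting services that another zone still offers, since traffic matching no source is handled by the interface's zone or the default zone. The function names, the sample output, the =public= zone and the 192.0.2.x addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a source-bound firewalld zone from `--list-all` output.

# Print the value of one "  key: value" line of --list-all output read from stdin.
zone_field() {
    awk -v k="$1:" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# audit_zone ZONE_TEXT "svc1 svc2": succeed only if the zone has no interfaces,
# at least one source, and every expected service enabled.
audit_zone() {
    ifaces=$(printf '%s\n' "$1" | zone_field interfaces)
    sources=$(printf '%s\n' "$1" | zone_field sources)
    services=$(printf '%s\n' "$1" | zone_field services)
    if [ -n "$ifaces" ]; then echo "FAIL: interface bound: $ifaces"; return 1; fi
    if [ -z "$sources" ]; then echo "FAIL: no sources"; return 1; fi
    for want in $2; do
        case " $services " in
            *" $want "*) ;;
            *) echo "FAIL: service missing: $want"; return 1 ;;
        esac
    done
    echo "OK: sources=[$sources] services=[$services]"
}

# shared_services OTHER_ZONE_TEXT "svc1 svc2": print the listed services that the
# other (e.g. default) zone also offers, i.e. to hosts outside the source list.
shared_services() {
    other=$(printf '%s\n' "$1" | zone_field services)
    for want in $2; do
        case " $other " in *" $want "*) printf '%s ' "$want" ;; esac
    done
}

# Constructed sample output; 192.0.2.x are documentation addresses, not the page's.
KALI_ZONE='kali (active)
  target: default
  interfaces:
  sources: 192.0.2.10 192.0.2.11
  services: rsyncd ssh
  ports:'
PUBLIC_ZONE='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:'

audit_zone "$KALI_ZONE" "ssh rsyncd"
echo "also open in public zone: $(shared_services "$PUBLIC_ZONE" "ssh rsyncd")"
```

On a live host, pass in the real text instead of the samples, for example =audit_zone "$(sudo firewall-cmd --zone=kali --list-all)" "ssh rsyncd"=.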