mirror of
https://codeberg.org/hyperreal/techne
synced 2024-11-01 14:23:06 +01:00
#+title: Firewalld
#+setupfile: ../org-templates/page.org
** Allow connections only from certain IP addresses
Source: [[https://serverfault.com/a/798120][FirewallD: Allow connections only from certain IP addresses]]

- Do not use rich rules for this.
- A firewalld zone corresponds to a set of services that you want to allow, and the sources of the traffic to those services.
- Traffic sources can be designated in two ways: by interface, or by source IP address. Traffic that matches /any/ source passes this check.

Create a new zone for Kali Linux IP addresses:
#+begin_src shell
# Define the zone in the permanent configuration, then load it into the runtime.
sudo firewall-cmd --permanent --new-zone=kali
sudo firewall-cmd --reload
#+end_src

Enable the services allowed for the kali zone:
#+begin_src shell
sudo firewall-cmd --zone=kali --permanent --add-service=ssh
sudo firewall-cmd --zone=kali --permanent --add-service=rsyncd
sudo firewall-cmd --reload
#+end_src

Add the IP addresses allowed to reach the above services. Ensure that no interfaces are assigned to this zone.
#+begin_src shell
# Replace each <...> placeholder with an address that may reach the services above.
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 1>
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv6 addr>
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 2>
sudo firewall-cmd --zone=kali --permanent --add-source=<IPv4 addr 3>
sudo firewall-cmd --reload
#+end_src
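To check the result of the three steps above, this added example (not part of the original notes) audits the output of ~firewall-cmd --zone=kali --list-all~: no interfaces bound, at least one source, and exactly the intended services. The function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a source-based firewalld zone from `--list-all` output.
# On a live host: sudo firewall-cmd --zone=kali --list-all | audit_zone "ssh rsyncd"

# Print the value of field $2 ("  key: value") from the zone listing in $1.
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^ *$2: *//p" | head -n 1
}

# Sort a space-separated word list so two lists compare order-independently.
norm() {
    printf '%s\n' $1 | sort | tr '\n' ' '
}

# audit_zone "EXPECTED SERVICES" < zone listing; returns 0 only if the zone
# has no interfaces, at least one source, and exactly the expected services.
audit_zone() {
    want=$(norm "$1"); out=$(cat); rc=0
    if [ -n "$(zone_field "$out" interfaces)" ]; then
        echo "FAIL: an interface is bound, so the zone is not limited to the listed sources"
        rc=1
    fi
    if [ -z "$(zone_field "$out" sources)" ]; then
        echo "FAIL: no source addresses, so the zone matches no traffic"
        rc=1
    fi
    have=$(norm "$(zone_field "$out" services)")
    if [ "$have" != "$want" ]; then
        echo "FAIL: services are [ $have], expected [ $want]"
        rc=1
    fi
    return "$rc"
}

# Constructed sample listings (documentation addresses, not real hosts).
SAMPLE_OK='kali (active)
  target: default
  interfaces:
  sources: 192.0.2.10 2001:db8::10
  services: rsyncd ssh'
SAMPLE_BAD='kali (active)
  target: default
  interfaces: eth0
  sources: 192.0.2.10
  services: http rsyncd ssh'

printf '%s\n' "$SAMPLE_OK" | audit_zone "ssh rsyncd" && echo "kali zone: OK"
printf '%s\n' "$SAMPLE_BAD" | audit_zone "ssh rsyncd" || echo "kali zone: needs fixing"
```

Run the audit against both the runtime and the ~--permanent~ listing, since the two can differ until the next reload.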