Firewalld - How to filter your traffic based on an IP, port or Region?

About

This page shows you how to filter your traffic based on an IP with firewalld rich rules.

HowTo

How to filter based on an IP

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" protocol value="tcp" accept'

where:

  • --permanent means that the rule will be used even after reboot.
  • --add-rich-rule specifies the rich rule that has the following options:
    • family - the type of IP:
      • ipv4 for an IPv4 address
      • ipv6 for an IPv6 address
    • source address="192.168.78.76/32" - the source, specified as a CIDR
    • protocol value="tcp" - the network protocol (i.e. TCP generally, UDP if you know what you are doing)
    • accept - the action to take (accept|reject|drop|mark)

How to filter based on IP and Port

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" port port="8080" protocol="tcp" accept'

where:

  • --permanent means that the rule will be used even after reboot.
  • --add-rich-rule specifies the rich rule that has the following options:
    • family - the type of IP
    • source address="192.168.78.76/32" - the source, specified as a CIDR
    • port port="8080" - the port defined by port (you could also have defined a service)
    • protocol="tcp" - the network protocol (i.e. TCP generally, UDP if you know what you are doing)
    • accept - the action to take
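
The IP-and-port rule above, generalized to a list of source addresses, as an added example that is not part of the original page. The function names, the APPLY variable and the IPv6 sample address are assumptions made for illustration; it goes beyond the single rule shown by selecting the family per address and rejecting malformed input before it reaches the quoted rule.

```shell
#!/bin/sh
# Build firewalld rich rules for a source allowlist (addresses are sample values).
# rich_rule SRC PORT PROTO: print one rich rule, or return 1 on bad input.
rich_rule() {
    src=$1 port=$2 proto=$3
    # Refuse anything that could break out of the quoted rule string.
    case $src in
        ''|*[!0-9a-fA-F:./]*) echo "bad source: $src" >&2; return 1 ;;
    esac
    # Shape check only (firewalld validates fully): a colon means IPv6.
    case $src in
        *:*) family=ipv6 ;;
        *.*.*.*) family=ipv4 ;;
        *) echo "bad source: $src" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    printf 'rule family="%s" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$family" "$src" "$port" "$proto"
}

# apply_allowlist PORT SRC...: dry run by default; APPLY=1 runs the commands (as root).
apply_allowlist() {
    port=$1; shift
    for src in "$@"; do
        rule=$(rich_rule "$src" "$port" tcp) || return 1
        if [ "${APPLY:-0}" = 1 ]; then
            firewall-cmd --permanent --add-rich-rule="$rule" || return 1
        else
            printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        fi
    done
    # Permanent rules reach the running firewall only after a reload.
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --reload && firewall-cmd --list-rich-rules
    else
        printf '%s\n' "firewall-cmd --reload" "firewall-cmd --list-rich-rules"
    fi
}

apply_allowlist 8080 192.168.78.76/32 2001:db8::10/128
```

Run without APPLY set, the script only prints the commands it would execute, so the generated rules can be reviewed before anything changes on the host.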

How to filter packets based on country

If you want to filter your packets by country, see this page:

How to restrict your firewall by country firewalld (ie iptable)

How to filter based on a subnet (Cloudflare)

If you want to filter your HTTP packets based on a subnet, such as all the servers from Cloudflare, see this page:

How to allow only the HTTP traffic from a subnet such as Cloudflare with Firewalld?




