@datacustodian
Created June 24, 2017 15:11
CentOS 7 Firewall Whitelisting

List sources for your zone:

firewall-cmd --permanent --zone=public --list-sources

If there are none, you can start adding them. This is your "whitelist":

firewall-cmd --permanent --zone=public --add-source=192.168.100.0/24
firewall-cmd --permanent --zone=public --add-source=192.168.222.123/32

(That adds a whole /24 and a single IP)

Set the range of ports you'd like open:

firewall-cmd --permanent --zone=public --add-port=1-22/tcp
firewall-cmd --permanent --zone=public --add-port=1-22/udp

This just does ports 1 through 22. You can widen this, if you'd like.

Reload:

firewall-cmd --reload

Check:

firewall-cmd --zone=public --list-all
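
firewalld selects a zone by source address first, then by interface binding, then the default zone, so sources added to a zone that is also interface-bound or the default do not restrict anything: the opened ports stay reachable from unlisted addresses. The script below is an added example (not part of the original gist) that checks for this from `--list-all` output. The sample outputs are constructed, and the `drop` default zone in the second case is an assumption about how the host would be configured.

```shell
#!/bin/sh
# Added example: decide from `firewall-cmd --zone=Z --list-all` text whether a
# source "whitelist" on that zone actually restricts who reaches its ports.
# Live use:
#   audit_whitelist "$(firewall-cmd --zone=public --list-all)" \
#                   "$(firewall-cmd --get-default-zone)"

# zone_field TEXT FIELD -> value of the "  FIELD: value" line (may be empty)
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# audit_whitelist TEXT DEFAULT_ZONE -> one verdict word:
#   no-sources    nothing is whitelisted yet
#   not-enforced  zone is also interface-bound or the default zone, so
#                 traffic from unlisted addresses lands in it as well
#   enforced      zone is reached only through its source list
audit_whitelist() {
    aw_zone=$(printf '%s\n' "$1" | head -n 1 | cut -d ' ' -f 1)
    aw_sources=$(zone_field "$1" sources)
    aw_ifaces=$(zone_field "$1" interfaces)
    if [ -z "$aw_sources" ]; then
        echo no-sources
    elif [ -n "$aw_ifaces" ] || [ "$aw_zone" = "$2" ]; then
        echo not-enforced
    else
        echo enforced
    fi
}

# Constructed sample outputs (not captured from a real host).
# Case 1: the gist's result on a stock host, public is default and holds eth0.
SAMPLE_BOUND='public (active)
  target: default
  interfaces: eth0
  sources: 192.168.100.0/24 192.168.222.123/32
  services: dhcpv6-client ssh
  ports: 1-22/tcp 1-22/udp'
# Case 2 (assumed setup): the interface lives in another zone, default is drop.
SAMPLE_SOURCE_ONLY='public (active)
  target: default
  interfaces:
  sources: 192.168.100.0/24 192.168.222.123/32
  services:
  ports: 1-22/tcp 1-22/udp'

audit_whitelist "$SAMPLE_BOUND" public
audit_whitelist "$SAMPLE_SOURCE_ONLY" drop
```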