How to Enable Port for a Specific IP Address in Firewalld

Firewalld is a dynamically managed firewall daemon with support for network zones. In the earlier releases, RHEL and CentOS 6, iptables was used as the daemon for the packet filtering framework.


Traffic from a specific IP address, or from a specific private network, can be allowed through firewalld to a specific port or service on a Red Hat Enterprise Linux (RHEL) or CentOS server.


The cleanest way to do this is with a firewalld zone, so you need to create a new zone that will hold the new configuration.

 

Open Port for Specific IP Address in Firewalld

 

First, create a zone with a suitable name (in our case we have used mariadb-access, to provide access to the MySQL database server). The same zone name must be used in every command that follows:

# firewall-cmd --new-zone=mariadb-access --permanent


Next, reload the firewalld settings to apply the new change. If you skip this step, you may get an error when you try to use the new zone name. The new zone should now appear in the list of zones:

# firewall-cmd --reload
# firewall-cmd --get-zones


Next, add the source IP address (10.24.96.5/20) and the port (3306) you want to open on the local server, as shown. Then reload the firewalld settings to apply the new changes.

# firewall-cmd --zone=mariadb-access --add-source=10.24.96.5/20 --permanent
# firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
# firewall-cmd --reload


Alternatively, you can allow traffic from the whole network (10.24.96.0/20) to a service or port.

# firewall-cmd --zone=mariadb-access --add-source=10.24.96.0/20 --permanent
# firewall-cmd --zone=mariadb-access --add-port=3306/tcp --permanent
# firewall-cmd --reload


To confirm that the new zone has the settings added above, verify its details with the following command:

# firewall-cmd --zone=mariadb-access --list-all
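Listing the zone only shows that the rules exist; it does not show whether they are effective. The script below is an added example, not part of the original article: it checks `--list-all` output for the source and port used above, and warns when the same port is also open in the default zone, because firewalld evaluates that zone for every source the custom zone does not cover, so the restriction would be bypassed. The `--list-all` outputs are constructed samples, so the script runs without firewalld.

```shell
#!/bin/sh
# Added example, not part of the original article: check from `--list-all`
# output that the zone really limits 3306/tcp to the intended source, and warn
# when the same port is also open in the default zone, which would let every
# source reach it. Sample outputs below are constructed, so no firewalld needed.
ZONE=mariadb-access; SRC=10.24.96.5/20; PORT=3306/tcp

# Print the values of one --list-all field; the anchor stops "ports" from
# matching "forward-ports" or "source-ports".
zone_field() { # $1: output, $2: field name
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# Return 0 when value $3 is among the values of field $2 in output $1.
field_has() {
  for v in $(zone_field "$1" "$2"); do
    [ "$v" = "$3" ] && return 0
  done
  return 1
}

# 0: restriction holds; 1: custom zone incomplete; 2: default zone leaks the
# port. $1 = custom zone output, $2 = default zone output.
check_restriction() {
  field_has "$1" sources "$SRC" || { echo "source $SRC missing from $ZONE"; return 1; }
  field_has "$1" ports "$PORT"  || { echo "port $PORT missing from $ZONE"; return 1; }
  if field_has "$2" ports "$PORT"; then
    echo "warning: $PORT is also open in the default zone, so the source limit is bypassed"
    return 2
  fi
  return 0
}

# Constructed --list-all output for the custom zone after the steps above.
MARIADB_OUT='mariadb-access (active)
  target: default
  sources: 10.24.96.5/20
  services:
  ports: 3306/tcp
  forward-ports:'
# Constructed default-zone output, plus a variant that also opens the port.
PUBLIC_OUT='public (active)
  target: default
  interfaces: eth0
  services: ssh dhcpv6-client
  ports:'
PUBLIC_LEAK_OUT="$(printf '%s\n' "$PUBLIC_OUT" | sed 's#^  ports:$#  ports: 3306/tcp#')"

check_restriction "$MARIADB_OUT" "$PUBLIC_OUT" && echo "ok: $PORT only from $SRC"
# Live host (root): pass "$(firewall-cmd --zone=$ZONE --list-all)" and the
# default zone's output ("$(firewall-cmd --get-default-zone)") instead.
```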

 

Remove Port and Zone from Firewalld

 

You can remove the source IP address or network as shown.

# firewall-cmd --zone=mariadb-access --remove-source=10.24.96.5/20 --permanent
# firewall-cmd --reload

 

To remove the port from the zone, issue the following command, and reload the firewalld settings:

# firewall-cmd --zone=mariadb-access --remove-port=3306/tcp --permanent
# firewall-cmd --reload

 

To remove the zone, run the following command, and reload the firewalld settings:

# firewall-cmd --permanent --delete-zone=mariadb-access
# firewall-cmd --reload

 

Last but not least, you can also use firewalld rich rules. Here is an example that combines the source and the port in a single rule:

# firewall-cmd --permanent --zone=mariadb-access --add-rich-rule='rule family="ipv4" source address="10.24.96.5/20" port protocol="tcp" port="3306" accept'

 

 

That’s it! We hope the above solutions worked for you.