firewalld - multiple services / sources?
If you have a system with one network interface, and you want to allow ssh from some addresses, freeipa-ldap from others, and https (which is part of freeipa-ldap) from another one; and you do not want to have a sea of rich rules... how do you do that?
I can't tell if firewalld is just really poorly documented or very limited. I am sorely tempted to disable it and just use good ol' iptables, but I don't like the knee-jerk "Just disable it!" attitude, partly because one day there'll be something that you have to do "the new way", and you'll be far behind the curve.
Quote:
Please don't take this the wrong way, but, given the multiple and diverse requirements you list, I suspect you would be in for a sea of rules regardless of the method you select for configuring iptables, as you seem to have a lake, if not a sea, of requirements.
Quote:
It turns out you can point rich rules at a service instead of a port, so that helps to keep things manageable.
You might want to combine IPTABLES with IPSET. Or you could compartmentalize your rules. Without knowing how many IP addresses you are talking about and what you want to allow where, it's kind of hard to give a good answer.
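Added example, not from any poster in this thread: a small generator for the firewall-cmd invocations behind the "rich rules can name a service" point above. It goes one step further than the thread and gives each source group its own firewalld zone with the allowed services attached, which is what keeps the rule count down; the zone names, CIDRs and service list are constructed sample values.

```shell
#!/bin/sh
# Generates the firewall-cmd invocations for a "who may reach which service"
# policy: one firewalld zone per source group, with services attached to the
# zone instead of one rich rule per source/service pair.
# Constructed sample policy (zone name, source CIDR, comma-separated services).
POLICY='admins 10.1.0.0/24 ssh,https
ipa-clients 10.2.0.0/24 freeipa-ldap
web-proxy 192.0.2.10/32 https'

# zone_cmds ZONE SOURCE SERVICES: print the commands that build one zone.
zone_cmds() {
  zone=$1 src=$2
  printf 'firewall-cmd --permanent --new-zone=%s\n' "$zone"
  printf 'firewall-cmd --permanent --zone=%s --add-source=%s\n' "$zone" "$src"
  # Split the service list on commas in a subshell so IFS is not disturbed.
  ( IFS=,; for svc in $3; do
      printf 'firewall-cmd --permanent --zone=%s --add-service=%s\n' "$zone" "$svc"
    done )
}

# rich_rule SOURCE SERVICE: the rich-rule form mentioned in the thread, still
# handy for a single exception that does not justify its own zone.
rich_rule() {
  printf 'rule family="ipv4" source address="%s" service name="%s" accept\n' "$1" "$2"
}

# build_cmds: print the whole command set for review; apply as root with
#   build_cmds | sh
build_cmds() {
  printf '%s\n' "$POLICY" | while read -r zone src services; do
    [ -n "$zone" ] && zone_cmds "$zone" "$src" "$services"
  done
  printf 'firewall-cmd --reload\n'
}

# count_cmds: number of commands the policy expands to (sanity check).
count_cmds() { build_cmds | wc -l | tr -d ' '; }
```

Traffic from an address that matches no zone's source list falls through to the interface's default zone, so that zone should carry only what every client is allowed to reach.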
Quote:
My only point was that it looked to be a relatively complex ruleset regardless of the means used to configure iptables.