In FirewallD, the source of a connection can be matched in two ways. A rich rule's `source address` element restricts a single port or service to a network or IP address, which is what this guide uses to open a port for specific networks. The `--add-source` option instead binds a network or IP address to a zone, so that all traffic from that source is handled by the rules of that zone. Both are combined with the `--permanent` option so that the change is written to the stored configuration and survives a reload or reboot.
Open Port for Single IP/Network
For example, the following command will open port `80` for the network `192.168.1.0/24`:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="80" protocol="tcp" accept'
In this case, the `source address` element specifies that only the network 192.168.1.0/24 is allowed to access port 80; the port stays closed for every other source.
You can also give a single IP address as the source. For example:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port port="80" protocol="tcp" accept'
This will open port 80 for the IP address 192.168.1.100 only.
Reload the FirewallD configuration to apply the changes. You can do this by running the following command:
firewall-cmd --reload
Open Port for Multiple IP/Network
To open the port for several networks, add one rich rule per source; a rich rule matches a single `source address`.
For example, the following command will add the network 192.168.2.0/24 as an additional source allowed to reach port 80:
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port port="80" protocol="tcp" accept'
You can add several sources in one invocation by repeating the `--add-rich-rule` option. For example:
firewall-cmd --permanent --zone=public \
  --add-rich-rule='rule family="ipv4" source address="192.168.2.0/24" port port="80" protocol="tcp" accept' \
  --add-rich-rule='rule family="ipv4" source address="192.168.3.0/24" port port="80" protocol="tcp" accept'
This will add the networks 192.168.2.0/24 and 192.168.3.0/24 as additional sources for the rule that opens port 80. Do not list several addresses inside one option separated by spaces: the shell passes the second address as a separate argument, which firewall-cmd rejects.
Note: `--add-source` works differently. It binds a network or IP address to the zone given with `--zone`, so that all traffic from that source is handled by the zone's rules, and a port opened in that zone with `--add-port` is then reachable from every source bound to it. `--add-source` adds the source to the zone's existing list of sources, while `--change-source` moves the source into the zone, removing it from whatever zone it was bound to before; a source can be bound to only one zone at a time. Because `public` is commonly also the default zone for traffic that matches no source, binding sources to it does not restrict access; use a rich rule as above, or open the port in a zone other than the default.
Reload the FirewallD configuration to apply the changes. You can do this by running the following command:
firewall-cmd --reload
You can verify that the rule is in place by listing the rich rules of the zone. For example, `firewall-cmd --zone=public --list-rich-rules` will list all rich rules active in the public zone, and `firewall-cmd --zone=public --list-all` shows the zone's rich rules together with its ports, services and sources. Note that `--list-ports` shows only ports opened for every source with `--add-port`; a port restricted to a network by a rich rule does not appear there.
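As an added example (not from the original guide), the following POSIX shell script assembles one rich rule per source, validates each IPv4 address or CIDR prefix before it is handed to `firewall-cmd`, and by default only prints the commands instead of running them. The helper names `build_rich_rule`, `valid_ipv4_source` and `open_port_for_sources` and the `APPLY` variable are assumptions of this example; the zone, port and networks are the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original guide. Builds and (optionally)
# applies one firewalld rich rule per source network. Helper names and the
# APPLY switch are hypothetical; zone, port and networks come from the guide.

# build_rich_rule PORT PROTO SOURCE
# Prints the rich rule that opens PORT/PROTO for SOURCE only.
build_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$3" "$1" "$2"
}

# valid_ipv4_source SOURCE
# Returns 0 for a dotted-quad IPv4 address with an optional /0-32 prefix,
# 1 for anything else, so malformed input never reaches firewall-cmd.
valid_ipv4_source() {
    case $1 in
        */*) addr=${1%/*}; plen=${1#*/} ;;
        *)   addr=$1;      plen=32 ;;
    esac
    # prefix length must be all digits and at most 32
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    # split on dots into the function's own positional parameters
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# open_port_for_sources ZONE PORT PROTO SOURCE...
# Prints the firewall-cmd commands for every valid source and a final
# --reload; runs them only when APPLY=1 is set in the environment.
open_port_for_sources() {
    zone=$1; port=$2; proto=$3; shift 3
    for src in "$@"; do
        if ! valid_ipv4_source "$src"; then
            echo "skipping invalid source: $src" >&2
            continue
        fi
        rule=$(build_rich_rule "$port" "$proto" "$src")
        # one --add-rich-rule per source; never space-separate addresses
        echo "firewall-cmd --permanent --zone=$zone --add-rich-rule='$rule'"
        if [ "${APPLY:-0}" = 1 ]; then
            firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule"
        fi
    done
    # permanent changes take effect only after a reload
    echo "firewall-cmd --reload"
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --reload
    fi
}

# Dry run (default): print the commands for the guide's two networks.
# Set APPLY=1 to actually change the firewall.
open_port_for_sources public 80 tcp 192.168.2.0/24 192.168.3.0/24
```

Each source gets its own rule because a rich rule carries exactly one `source address`; the validation step rejects values such as `192.168.1.256` or a `/33` prefix up front, and the dry-run default lets you review the exact commands before anything is written to the permanent configuration.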
Conclusion
In conclusion, FirewallD is a powerful tool that can be used to control incoming and outgoing network traffic on a Linux system. It allows you to open specific ports for specific networks, providing an additional layer of security for your system. To open a specific port for a specific network in FirewallD, you will need to install and start the FirewallD service, and then use the firewall-cmd command with the `--permanent`, `--zone` and `--add-rich-rule` options, giving the network in the rule's `source address` element. You can then verify that the rule is in place by using the `--list-rich-rules` option. By following these steps, you can easily open a specific port for a specific network in FirewallD and improve the security of your system.