CentOS 7
I have two zones (home and public). I'd like to allow SSH from my home but not from public.
```
[root@foobox ~]# firewall-cmd --list-all --zone=home
home (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 1.2.3.4
  services: ssh https
  ports: 12345/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

```
[root@foobox~]# firewall-cmd --list-all --zone=public
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: https
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks: echo-reply
  rich rules:
```
Since there's no interface or source associated with the public zone, I suspect that everything is matching home and using that.
I only have one interface and don't want to create a dual-homed setup... so how can I tell firewall-cmd "if the remote client is coming from 1.2.3.4 use the home zone... if it's any other remote source IP, use the public zone"?
I thought it might be as simple as just adding an interface but I get an error:
```
[root@foobox ~]# firewall-cmd --permanent --zone=public --add-interface=eth0
Error: ZONE_CONFLICT: eth0
```
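
An added example, not part of the original post: a small shell model of how firewalld picks a zone for an incoming connection (a source binding is checked before an interface binding, then the default zone), run against the bindings shown above and against a layout where eth0 is bound to public instead. The client 203.0.113.7, the default zone `public` and the function names are assumptions; only exact-address sources are modelled, and the firewall-cmd lines are printed, not executed.

```shell
#!/bin/sh
# Added example (not from the post): model of firewalld's zone lookup order.
# Bindings are "kind:value=zone" words; only exact-address sources are modelled.

# zone_for SRC_IP IFACE DEFAULT_ZONE BINDING...  (hypothetical helper)
zone_for() {
    src=$1; iface=$2; default=$3; shift 3
    for b in "$@"; do            # 1. a zone bound to the source address wins
        if [ "${b%%=*}" = "source:$src" ]; then echo "${b#*=}"; return; fi
    done
    for b in "$@"; do            # 2. then the zone bound to the interface
        if [ "${b%%=*}" = "interface:$iface" ]; then echo "${b#*=}"; return; fi
    done
    echo "$default"              # 3. then the default zone (assumed: public)
}

# ssh_allowed ZONE: service lists as shown in the post's --list-all output
ssh_allowed() {
    case $1 in
        home) echo yes ;;        # services: ssh https
        *)    echo no ;;         # public has services: https only
    esac
}

# Bindings from the post, and the same source binding with eth0 moved to public
CURRENT="source:1.2.3.4=home interface:eth0=home"
SPLIT="source:1.2.3.4=home interface:eth0=public"

# Commands that produce the SPLIT layout (printed only, nothing is changed)
split_commands() {
    cat <<'EOF'
firewall-cmd --permanent --zone=home --remove-interface=eth0
firewall-cmd --permanent --zone=public --add-interface=eth0
firewall-cmd --reload
firewall-cmd --get-active-zones
EOF
}

# 203.0.113.7 is a constructed "any other client" address
for ip in 1.2.3.4 203.0.113.7; do
    for layout in "$CURRENT" "$SPLIT"; do
        z=$(zone_for "$ip" eth0 public $layout)   # unquoted: split into bindings
        echo "$ip [$layout] -> zone=$z ssh=$(ssh_allowed "$z")"
    done
done
split_commands
```

With the bindings from the post, both clients resolve to home because eth0 itself is bound there; with eth0 bound to public, only 1.2.3.4 still resolves to home.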