Open a port for an IP range

Friday, Jun 8, 2018
Linux security

With firewalld, this is done with a so-called rich rule. To open the SSH port for 192.168.1.0/24, run:

firewall-cmd --permanent --zone=home --add-rich-rule='
  rule family="ipv4"
  source address="192.168.1.0/24"
  port protocol="tcp"
  port="22"
  accept'

Assuming you have enabled just dhcpv6-client as a service, the zone XML looks something like this (this sample comes from the work zone and uses 10.200.13.0/24 as the source):

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Work</short>
  <description>For use in work areas. You mostly trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <rule family="ipv4">
    <source address="10.200.13.0/24"/>
    <port protocol="tcp" port="22"/>
    <accept/>
  </rule>
</zone>

Do not forget to reload your firewall configuration using firewall-cmd --reload
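
A rich rule only narrows SSH access if the zone does not also allow the ssh service or port 22 for every source. The Python sketch below is an added example, not part of the original post: it parses a zone XML like the one above and lists every entry that accepts tcp/22. SAMPLE_ZONE is constructed, and audit_zone and covers are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the post's zone plus two entries that undo the restriction.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="10.200.13.0/24"/>
    <port protocol="tcp" port="22"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <port protocol="tcp" port="20-25"/>
    <accept/>
  </rule>
</zone>
"""

def covers(port_attr, port):
    """True if a firewalld port value ("22" or "20-25") includes `port`."""
    lo, _, hi = port_attr.partition("-")
    return int(lo) <= port <= int(hi or lo)

def audit_zone(xml_text, port=22, service="ssh"):
    """Return (origin, source, restricted) for each entry accepting tcp/`port`."""
    zone = ET.fromstring(xml_text)
    # A zone-level <service> or <port> applies to every source bound to the zone.
    found = [(f"service {service}", "any", False)
             for s in zone.findall("service") if s.get("name") == service]
    found += [("zone port", "any", False) for p in zone.findall("port")
              if p.get("protocol") == "tcp" and covers(p.get("port"), port)]
    for rule in zone.findall("rule"):
        p, src = rule.find("port"), rule.find("source")
        if (rule.find("accept") is None or p is None or p.get("protocol") != "tcp"
                or not covers(p.get("port"), port)):
            continue  # only accept rules that open tcp/`port` matter here
        addr = src.get("address") if src is not None else None
        if addr is None:
            # Assumption: mac=/ipset= sources are not evaluated; flag for review.
            found.append(("rich rule", "any", False))
        else:
            net = ipaddress.ip_network(addr, strict=False)
            found.append(("rich rule", str(net), net.prefixlen > 0))
    return found

if __name__ == "__main__":
    for origin, source, restricted in audit_zone(SAMPLE_ZONE):
        print(f"{'ok  ' if restricted else 'OPEN'} {origin:<12} from {source}")
```

Any line reported as OPEN means SSH is reachable from every source bound to that zone, regardless of the rich rule.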