LinuxQuestions.org
Linux - Security: firewalld block ip ranging but allow single ip (https://www.linuxquestions.org/questions/linux-security-4/firewalld-block-ip-ranging-but-allow-single-ip-4175568037/)

packetsmacker 01-27-2016 10:24 AM

firewalld block ip ranging but allow single ip
 
So I need the following.


allow 192.168.1.5 http
deny 192.168.1.0/24 http


So here are my firewalld commands.
Code:

firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.5" service name="http" accept'
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.0/24" service name="http" drop'

If I apply the first rule, everyone gets in. If I apply both rules, no one gets in. Basically I only want one IP getting to the web site.

lazydog 01-27-2016 12:11 PM

Have you tried only to add the first rule without the second? I believe others are blocked by default, but don't quote me on this as I haven't worked with firewalld.

packetsmacker 01-27-2016 12:45 PM

That did it. I swear I had tried that before. Thanks

packetsmacker 01-27-2016 01:32 PM

OK, maybe this isn't solved.


I added a log rule; now everyone can access it. Here is my output:

Code:

firewall-cmd --list-all
public (default, active)
  interfaces: enp0s3
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" service name="http" log prefix="httpd" level="debug" limit value="1/m" accept
        rule family="ipv4" source address="192.168.1.5" service name="http" accept


packetsmacker 01-27-2016 02:01 PM

I removed all those rules and added this one.


rule family="ipv4" source address="192.168.1.5" service name="http" log prefix="httpd" level="info" limit value="1/m" accept

Now only 1.5 can get to the site, and it gets a log in /var/log/messages. I don't see any log for IPs other than 1.5. I need to log all requests to the web site.

lazydog 01-28-2016 08:11 AM

Have you tried adding the logging rule after the access rule?

packetsmacker 01-28-2016 09:48 AM

I would love to, but I have tried adding and removing them in different orders and they always end up like this:

rule family="ipv4" service name="http" log prefix="httpd" level="info" limit value="1/m" accept
rule family="ipv4" source address="192.168.1.5" service name="http" accept


This way everyone gets in and it gets logged. I tried adding the log with a drop instead of accept but it blocks everyone again. I am going to remove the log rule and come back to this when I have time.

Thanks lazydog for your help.

packetsmacker 01-28-2016 02:14 PM

I couldn't resist; I had to try again.


This works.

firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" service name="http" log prefix="httpd" level="info" limit value="1/m"' --permanent


Removing accept seems to have fixed it.
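Why the thread played out the way it did, as an added example that is not part of the original thread and not firewalld's own code: a small Python model of how firewalld of that era (before rich-rule priorities arrived in 0.7) splits each rich rule by clause into the per-zone chains IN_public_log, IN_public_deny and IN_public_allow, which are traversed in that order before the zone's default target (REJECT for the public zone). The `limit` clause is ignored, the service table is an assumed subset, and the client addresses 192.168.1.5 and 192.168.1.77 are constructed sample input. The model reproduces all three observations: accept-plus-drop blocks 1.5 too because the deny chain runs before the allow chain; a `log ... accept` rule with no source puts an unrestricted accept into the allow chain, so everyone gets in; and a log-only rule logs everything while the source-restricted accept still decides who gets in.

```python
"""Model of firewalld rich-rule placement into per-zone chains.

Constructed to explain the thread above; this is NOT firewalld code.
Encoded behaviour (firewalld < 0.7, no rich-rule priorities):
  - a "log" clause becomes a non-terminating rule in IN_<zone>_log
  - a drop/reject action becomes a rule in IN_<zone>_deny
  - an accept action becomes a rule in IN_<zone>_allow
  - traversal order is log, deny, allow, then the zone default target
    (REJECT for the public zone, which is why unmatched hosts are blocked)
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ipaddress

# Assumed subset of firewalld's service definitions.
SERVICE_PORTS = {"http": 80, "ssh": 22}


@dataclass
class RichRule:
    service: str
    source: Optional[str] = None   # address or CIDR; None matches every source
    log: Optional[str] = None      # log prefix, or None for no log clause
    action: Optional[str] = None   # "accept", "drop", "reject", or None (log-only)


def matches(rule: RichRule, src: str, dport: int) -> bool:
    """Does this rich rule's match part apply to a packet from src to dport?"""
    if SERVICE_PORTS[rule.service] != dport:
        return False
    if rule.source is None:
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule.source, strict=False)


def build_chains(rules: List[RichRule]) -> Dict[str, List[RichRule]]:
    """Split rich rules by clause into the log / deny / allow chains."""
    chains: Dict[str, List[RichRule]] = {"log": [], "deny": [], "allow": []}
    for r in rules:
        if r.log is not None:
            chains["log"].append(r)
        if r.action == "accept":
            chains["allow"].append(r)
        elif r.action in ("drop", "reject"):
            chains["deny"].append(r)
    return chains


def evaluate(chains: Dict[str, List[RichRule]], src: str, dport: int,
             default_target: str = "REJECT") -> Tuple[str, List[str]]:
    """Walk the chains in firewalld's order; return (verdict, log prefixes hit)."""
    logged: List[str] = []
    for r in chains["log"]:           # LOG never terminates the walk
        if matches(r, src, dport):
            logged.append(r.log)
    for r in chains["deny"]:          # deny chain is consulted before allow
        if matches(r, src, dport):
            return r.action.upper(), logged
    for r in chains["allow"]:
        if matches(r, src, dport):
            return "ACCEPT", logged
    return default_target, logged     # zone default: REJECT for public


def verdicts(rules: List[RichRule],
             sources: Tuple[str, ...] = ("192.168.1.5", "192.168.1.77"),
             dport: int = 80) -> Dict[str, Tuple[str, List[str]]]:
    """Verdict and log hits for each constructed client address."""
    chains = build_chains(rules)
    return {src: evaluate(chains, src, dport) for src in sources}


# The rules that appear in the thread, in the order they were tried.
ACCEPT_ONE = RichRule("http", source="192.168.1.5", action="accept")
DROP_NET = RichRule("http", source="192.168.1.0/24", action="drop")
LOG_ACCEPT_ALL = RichRule("http", log="httpd", action="accept")
LOG_ONLY = RichRule("http", log="httpd")

if __name__ == "__main__":
    for name, rules in [("accept one host only", [ACCEPT_ONE]),
                        ("accept one + drop /24", [ACCEPT_ONE, DROP_NET]),
                        ("log+accept (no source) + accept one", [LOG_ACCEPT_ALL, ACCEPT_ONE]),
                        ("log-only + accept one", [LOG_ONLY, ACCEPT_ONE])]:
        print(name, verdicts(rules))
```

The practical reading: a rich rule that carries an action with no `source` is an unrestricted rule in the allow or deny chain, whatever else the rule says; to log everything while admitting one host, keep the logging clause in a rule of its own with no action. On firewalld 0.7 and later, rich rules also accept a `priority=` attribute, which gives explicit ordering instead of relying on the chain layout modelled here.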

