
I can't get the services attached to the block zone working for sources attached to those zones. I was wondering what the intended purpose of source->zone<-service was..!

I was trying to use the default zone as the drop zone with a few services enabled. It works fine. However, I want the ICMP rejects for packets coming from a network mask (ex. 172.128.0.0/16), but drop everything else like above with a few services enabled. So I added the netmask to the sources list in the block zone, and enabled the above services. But I can't get any services working for those source addresses..!

I am confused! Help?

Ex.

block
  interfaces:
  sources: 172.128.0.0/16
  services: bacula bacula-client dhcpv6-client ssh http
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

drop (default, active)
  interfaces: em1
  sources: 
  services: bacula bacula-client dhcpv6-client ssh http
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:
xcorat
  • 121

0 Answers