
I wanted to create a zone named "bad" with target=reject and source=10.100.0.0/24, which would basically reject all traffic from that subnet in the zone.

Now, if I want to allow traffic to SSH from that subnet, how can I do that?

I tried adding service SSH to "bad" zone but no luck, then I tried to add a rich rule no luck...

I tried to do what a firewall would normally do, which is denying all requests that didn't match any rule...

Thanks

DJYod

2 Answers


Would something like this work? I'm frankly not sure if this covers your situation or not. It seems like it would but I've not tested it. This would be if you wanted to, say, allow incoming ssh connections from 15.15.15.0/24

# accept new and established ssh connections coming from the subnet
sudo iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# let the replies of those connections back out
sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Source: https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands


# create the zone in the permanent configuration
firewall-cmd --permanent --new-zone=bad

# accept ssh only when it comes from the 10.100.0.0/24 subnet
firewall-cmd --permanent --zone=bad --add-rich-rule='rule family="ipv4" source address="10.100.0.0/24" service name="ssh" accept'

# permanent changes only become active after a reload; the runtime config
# must know the zone before it can be made the default
firewall-cmd --reload

# --set-default-zone changes both runtime and permanent configuration
firewall-cmd --set-default-zone=bad

gloom700
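The setup the question describes (zone "bad" with a reject target and 10.100.0.0/24 as its source, with only ssh allowed) applied through the permanent configuration and then checked against the live listing, as an added example that is not from the question or either answer. The zone name, subnet and target come from the question; the `target:`, `sources:` and `services:` field names are assumed from the usual `firewall-cmd --zone=ZONE --list-all` output, and the check accepts the reject target spelled either `REJECT` or `%%REJECT%%`, since firewalld versions differ in how they print it.

```shell
#!/bin/sh
# Added example, not from the question or either answer. Assumes a
# firewalld host; zone name, subnet and target come from the question.
# The list-all field names (target:, sources:, services:) are assumed
# from typical "firewall-cmd --zone=ZONE --list-all" output.

ZONE=bad
SUBNET=10.100.0.0/24

# Apply the zone from the question in the permanent configuration:
# all traffic from the subnet lands in zone "bad", whose target rejects it,
# except the explicitly allowed ssh service. Needs root.
configure_bad_zone() {
    firewall-cmd --permanent --new-zone="$ZONE" &&
    firewall-cmd --permanent --zone="$ZONE" --set-target=REJECT &&
    firewall-cmd --permanent --zone="$ZONE" --add-source="$SUBNET" &&
    firewall-cmd --permanent --zone="$ZONE" --add-service=ssh &&
    firewall-cmd --reload      # permanent changes are live only after a reload
}

# Read a "--list-all" listing on stdin and return 0 only if it shows the
# reject target (printed as REJECT or %%REJECT%% depending on version),
# the subnet among the sources and ssh among the services.
verify_zone_listing() {
    listing=$(cat)
    printf '%s\n' "$listing" | grep -Eq '^[[:space:]]*target: (%%)?REJECT(%%)?$' || return 1
    printf '%s\n' "$listing" | grep -Eq "^[[:space:]]*sources: ([^ ]+ )*$SUBNET( |$)" || return 1
    printf '%s\n' "$listing" | grep -Eq '^[[:space:]]*services: ([^ ]+ )*ssh( |$)' || return 1
    return 0
}

# Usage: sh zone.sh apply   (configures the zone, then checks the live listing)
if [ "${1:-}" = "apply" ]; then
    configure_bad_zone || exit 1
    if firewall-cmd --zone="$ZONE" --list-all | verify_zone_listing; then
        echo "zone $ZONE configured as expected"
    else
        echo "zone $ZONE does not match the expected configuration" >&2
        exit 1
    fi
fi
```

Running the verification after the reload is the step that distinguishes "the command printed success" from "the runtime firewall actually has the zone": a rule added without `--permanent` disappears on reload, and one added with `--permanent` but without a reload is not active yet, and `--list-all` shows which of the two happened.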