In this hands-on lab, you will use firewalld to create a new service, permit that service in the default zone, drop all traffic from the addresses in an IPSet, and add a rich rule for traffic from a specific subnet.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a new service in firewalld.
  - The service name should be: jobsub.
  - The service's ports are: TCP 5671-5677.
  - This service should be enabled for the default zone (public).
- Create an IPSet in firewalld.
  You will need to create an IPSet for the following IPs and name it kiosk:
  - 10.0.1.12
  - 192.168.1.0/24
  Send all traffic from the kiosk IPSet to the drop zone.
- Add a rich rule for TCP 8080 traffic.
  Add a rich rule to accept traffic from 10.0.1.0/24 to port 8080:
  firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.0.1.0/24 port port=8080 protocol=tcp accept'
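The three objectives above as one script, followed by the checks that confirm each one. This is an added example, not part of the original lab. The hash:net IPSet type is an assumption (the lab does not name a type), and the DRY_RUN variable and function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: the lab's firewalld steps, end to end.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs them (as root).
DRY_RUN="${DRY_RUN:-1}"
SERVICE=jobsub
PORTS=5671-5677/tcp
IPSET=kiosk

fw() {
    # Print the command in dry-run mode, otherwise execute it.
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

configure_service() {
    # Define the service, give it its port range, allow it in the public zone.
    fw --permanent --new-service="$SERVICE" &&
    fw --permanent --service="$SERVICE" --add-port="$PORTS" &&
    fw --permanent --zone=public --add-service="$SERVICE"
}

configure_ipset() {
    # hash:net (assumed type) holds both the single host and the /24.
    fw --permanent --new-ipset="$IPSET" --type=hash:net &&
    for entry in 10.0.1.12 192.168.1.0/24; do
        fw --permanent --ipset="$IPSET" --add-entry="$entry" || return 1
    done &&
    # Binding the set as a source of the drop zone discards its traffic.
    fw --permanent --zone=drop --add-source="ipset:$IPSET"
}

configure_rich_rule() {
    fw --permanent --add-rich-rule='rule family=ipv4 source address=10.0.1.0/24 port port=8080 protocol=tcp accept'
}

apply_lab() {
    configure_service && configure_ipset && configure_rich_rule &&
    fw --reload &&                        # load the permanent config into the runtime
    fw --info-service="$SERVICE" &&       # expect ports: 5671-5677/tcp
    fw --info-ipset="$IPSET" &&           # expect both entries
    fw --zone=drop --list-sources &&      # expect ipset:kiosk
    fw --zone=public --list-rich-rules    # expect the 8080 rule
}

apply_lab
```

10.0.1.12 is in the kiosk IPSet and also inside 10.0.1.0/24. Because a source binding assigns its traffic to the drop zone, the public-zone rich rule does not open port 8080 for that host.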