Changing the IPset rules from IPtables to Firewalld in CentOS/RHEL 7

The Ask

ipset IPtables rule is needed on firewalld for the below rule:

-A INPUT -p tcp -m set --match-set SQL_1811 src -m set --match-set DB-IPs dst -m tcp --dport 1811 -j ACCEPT

The Answer

Below example using SQL_1811 and DB-IPs as IPsets for the two IP addresses (10.1.1.2 and 10.1.1.3)

# firewall-cmd --permanent --new-ipset=SQL_1811 --type=hash:ip
# firewall-cmd --permanent --new-ipset=DB-IPs --type=hash:ip
# firewall-cmd --reload
# firewall-cmd --ipset=SQL_1811 --add-entry=10.1.1.2
# firewall-cmd --ipset=DB-IPs --add-entry=10.1.1.3
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -m set --match-set SQL_1811 src -m set --match-set DB-IPs dst -m tcp --dport 1811 -j ACCEPT

The Ask

The Answer

You May Also Like