The Ask
ipset IPtables rule is needed on firewalld for the below rule:
-A INPUT -p tcp -m set --match-set SQL_1811 src -m set --match-set DB-IPs dst -m tcp --dport 1811 -j ACCEPT
The Answer
Below example using SQL_1811 and DB-IPs as IPsets for the two IP addresses (10.1.1.2 and 10.1.1.3)
# firewall-cmd --permanent --new-ipset=SQL_1811 --type=hash:ip # firewall-cmd --permanent --new-ipset=DB-IPs --type=hash:ip # firewall-cmd --reload # firewall-cmd --ipset=SQL_1811 --add-entry=10.1.1.2 # firewall-cmd --ipset=DB-IPs --add-entry=10.1.1.3 # firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -m set --match-set SQL_1811 src -m set --match-set DB-IPs dst -m tcp --dport 1811 -j ACCEPT