williamconley wrote:Public vs private zones only work if they are on completely different interfaces (i.e. different network cards) as a rule. The zone is usually identified by the network device/card (often eth0 or eth1 or ens192 etc).
If you only have one network card and it has only a private network, you should just open the private network to all ports, since there is really only one zone.
iptables-save
Fares MEHENI wrote:-A IN_public_allow -p udp -m udp --dport 10000:20000 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m set --match-set whiteips src -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m set --match-set whitenets src -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT 1 -p tcp -m set --match-set whiteips src -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT 1 -p tcp -m set --match-set whitenets src -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -I INPUT 1 -s 192.168.1.0/24 -j ACCEPT
firewall-cmd --permanent --add-rich-rule '.....'
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" accept'
firewall-cmd --add-rich-rule 'rule family="ipv4" source ipset="whiteips" port protocol="udp" port="10000-20000" accept'
Kumba wrote:Yes, IP Whitelisting works, but it's not as simple as set and forget.
marveelou wrote:I've also encountered the same issue. I'm not a master of iptables, but as far as I understand the matching rule name is different from the VB_firewall script. What I did was only a workaround: inserting iptables rules that match the whitelistips name in the iptables rules. Here is the code:
iptables -I IN_public_allow 2 -p udp -m set --match-set whitelistips src -m udp --dport 5060 -m conntrack --ctstate NEW -j ACCEPT
iptables -I IN_public_allow 2 -p udp -m set --match-set whitelistips src -m udp --dport 4569 -m conntrack --ctstate NEW -j ACCEPT
iptables -I IN_public_allow 2 -p tcp -m set --match-set whitelistips src -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
iptables -I IN_public_allow 2 -p tcp -m set --match-set whitelistips src -m tcp --dport 8089 -m conntrack --ctstate NEW -j ACCEPT
iptables -I IN_public_allow 2 -p tcp -m set --match-set whitelistips src -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
Thank you
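The rules quoted in the two posts above (the `iptables-save` output and the `-I IN_public_allow 2` workaround) only do what the posters intend if no later, unrestricted ACCEPT for the same port remains in the chain; an ipset-matched rule for tcp/22 is pointless when a plain `--dport 22 ... ACCEPT` is still present. The following added example, which is not code from this thread or from ViciBox's VB_firewall script, parses `iptables-save` style rules and reports, per protocol/port, whether the port is open to any source, restricted to an ipset or source network, or carries a whitelist rule that an unrestricted rule makes ineffective. The sample ruleset is constructed for the example, modelled on the lines quoted in the thread, and the ipset names `whiteips`/`whitelistips` are taken from the posts.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of `iptables-save` output (not captured from a real host).
# It deliberately keeps an unrestricted tcp/22 ACCEPT after the ipset rule.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:IN_public_allow - [0:0]
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A IN_public_allow -p udp -m udp --dport 10000:20000 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m set --match-set whiteips src -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m set --match-set whitelistips src -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""


@dataclass
class Rule:
    chain: str
    proto: Optional[str]
    dport: Optional[str]
    source: Optional[str]   # value of -s, if present
    ipset: Optional[str]    # NAME from "--match-set NAME src", if present
    target: str

    @property
    def restricted(self) -> bool:
        """True when the rule only matches a named ipset or a source network."""
        return self.source is not None or self.ipset is not None


# "-A CHAIN <match options> -j TARGET"; table headers and ":CHAIN" lines don't match.
RULE_RE = re.compile(r"^-A (\S+)(.*)-j (\S+)\s*$")


def _opt(pattern: str, body: str) -> Optional[str]:
    m = re.search(pattern, body)
    return m.group(1) if m else None


def parse_rules(text: str) -> List[Rule]:
    """Parse the -A lines of iptables-save output into Rule objects."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        chain, body, target = m.groups()
        rules.append(Rule(
            chain=chain,
            proto=_opt(r"(?<!\S)-p (\S+)", body),
            dport=_opt(r"--dport (\S+)", body),
            source=_opt(r"(?<!\S)-s (\S+)", body),
            ipset=_opt(r"--match-set (\S+) src", body),
            target=target,
        ))
    return rules


def audit(rules: List[Rule]) -> Dict[str, str]:
    """Classify every ACCEPTed proto/port as 'open', 'whitelist-only',
    or 'open-shadowing-whitelist' (an ipset/source rule exists but an
    unrestricted ACCEPT for the same port opens it to everyone anyway)."""
    world_open, whitelisted = set(), set()
    for r in rules:
        if r.target != "ACCEPT" or r.dport is None:
            continue  # -s CIDR -j ACCEPT with no port is a whole-network allow
        key = f"{r.proto}/{r.dport}"
        (whitelisted if r.restricted else world_open).add(key)
    report = {}
    for key in sorted(world_open | whitelisted):
        if key not in world_open:
            report[key] = "whitelist-only"
        elif key in whitelisted:
            report[key] = "open-shadowing-whitelist"
        else:
            report[key] = "open"
    return report


if __name__ == "__main__":
    for port, status in audit(parse_rules(SAMPLE_RULES)).items():
        print(f"{port:20} {status}")
```

On a real host, feed it `iptables-save` output (`python3 audit.py < <(iptables-save)` after changing the `__main__` block to read stdin); any port reported as `open-shadowing-whitelist` is one where the ipset rule from the posts above has no effect until the broader ACCEPT is removed.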