On Thu, Nov 15, 2018 at 01:18:49PM -0000, Steven Schroeder wrote:
I have set up firewalld to forward any incoming udp port 162 traffic to a remote server. I would like to add a second rule to forward udp port 162 traffic from a specific source IP to a different destination address, but it seems it will only match the first rule it finds.
Is this possible?
Yes, it's possible. The problem is your first rich rule is a "catch-all". It should work if you add the more specific rich rule first.
e.g.
rule family="ipv4" source address="<special IP>" forward-port port="162" protocol="udp" to-port="<dest port>" to-addr="<dest IP>"
rule family="ipv4" forward-port port="162" protocol="udp" to-port="<dest port>" to-addr="<dest IP>"
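The ordering problem described in this thread, as an added example that is not part of the original messages and not firewalld code: a small first-match model that parses forward-port rich rules and flags any rule hidden behind an earlier, broader one. The first-match evaluation follows the behaviour reported in the thread, and the addresses are constructed documentation-range values.

```python
import ipaddress
import shlex

# Constructed sample rules (documentation-range addresses, not from the thread).
CATCH_ALL = ('rule family="ipv4" forward-port port="162" protocol="udp" '
             'to-port="162" to-addr="198.51.100.20"')
SPECIFIC = ('rule family="ipv4" source address="192.0.2.10" forward-port '
            'port="162" protocol="udp" to-port="162" to-addr="198.51.100.30"')


def parse_rich_rule(text):
    """Collect the key="value" pairs of a forward-port rich rule into a dict."""
    rule = {}
    for token in shlex.split(text):  # shlex strips the quotes around values
        if "=" in token:
            key, value = token.split("=", 1)
            rule[key] = value
    # No source address means the rule matches every source (the catch-all).
    rule["source"] = ipaddress.ip_network(rule.pop("address", "0.0.0.0/0"))
    return rule


def first_match(rules, src, port, protocol):
    """Return the to-addr of the first rule that matches, or None."""
    for rule in rules:
        if (ipaddress.ip_address(src) in rule["source"]
                and rule["port"] == str(port)
                and rule["protocol"] == protocol):
            return rule["to-addr"]
    return None


def shadowed(rules):
    """Indexes of rules that can never match: an earlier rule on the same
    port and protocol already covers their whole source range."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            same_service = (earlier["port"], earlier["protocol"]) == \
                           (later["port"], later["protocol"])
            if same_service and later["source"].subnet_of(earlier["source"]):
                hidden.append(i)
                break
    return hidden


if __name__ == "__main__":
    for label, order in (("catch-all first", [CATCH_ALL, SPECIFIC]),
                         ("specific first", [SPECIFIC, CATCH_ALL])):
        rules = [parse_rich_rule(r) for r in order]
        print(label, first_match(rules, "192.0.2.10", 162, "udp"), shadowed(rules))
```
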