On Wed, Oct 14, 2020 at 04:53:46PM -0000, Jason Long wrote:
> Is it possible to open a port or service for just the local network and
> not globally? Should I open those ports or services for specific IP
> addresses, or does Firewalld have a special option for it?

Use a zone. Put your local/internal interfaces in the "internal" or
"trusted" zone. Then add the services to those zones.
Assuming "eth1" is your internal interface:
# firewall-cmd --zone internal --add-interface eth1
# firewall-cmd --zone internal --add-service http
Alternatively, use a rich rule to restrict to a subset of addresses:
# firewall-cmd --zone internal --add-rich-rule='rule family=ipv4 source address="10.10.10.10" service name=http accept'