On 11/09/13 18:52, poma wrote:
On 11.09.2013 17:55, Sergio Villar Senin wrote:
> On 11/09/13 13:37, poma wrote:
>> On 11.09.2013 12:18, Sergio Villar Senin wrote:
>>> Sometimes it is useful to allow connections from a specific combination
>>> of source_address:source_port. For example if you want to allow the
>>> icecream autodiscovery service in your local network you would likely
>>> want to allow connections coming from:
>>> 192.168.1.0/24:8765 udp
>>> I think this is a very common use case in local networks where you have
>>> services running on well-known ports that use random ports on your local
>>> machine to set up connections.
>>> Is there any way to do that in firewalld?
>> It would be awkward if it can't. :)
>> man 5 firewalld.richlanguage
> I've read the richlanguage syntax and still I cannot find the way to
> specify the source port, because the <port> element is translated to the
> destination port in the iptables rule and the <source> element only
> allows to specify the address, not the port.
firewall-cmd --permanent --add-rich-rule='rule port port="8765"
protocol="udp" family="ipv4" source
As I said in my previous email, and if I understand the language
correctly, what you are saying in that rule is that you want to allow
udp traffic from _any_ port from 192.168.1.0/24 to my local port 8765.
That's confirmed by iptables:
$ iptables -L IN_work_allow
Chain IN_work_allow (1 references)
target prot opt source destination
ACCEPT udp -- 192.168.1.0/24 anywhere udp dpt:8765 ctstate NEW
As you can see the port that is set is the destination port (dpt:8765),
but I want to allow communications _only_ from that port, i.e., I want to
specify the source port, I don't care about the destination port.
Using again iptables terminology, I want to set the "--sport" not the
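The --sport versus --dport distinction Sergio is making, shown as an added example that is not part of the thread and not firewalld's own code. It prints the rich rule from the thread (a destination-port match), the two ways to get a real source-port match (a firewalld direct rule, which passes raw iptables arguments through, and the source-port rich-language element that newer firewalld releases added and that the 2013 firewalld in the thread does not have), and a small check over `iptables -S` output that tells a --sport rule from a --dport rule. The zone name "work" is assumed from the IN_work_allow chain in the thread; the iptables -S sample lines are constructed, not captured; the firewall-cmd lines are only printed because applying them needs root.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread or from firewalld itself.
# Shows how a source-port match differs from the destination-port match the
# rich rule in the thread produces, plus a check over `iptables -S` output.

ZONE=work            # assumed: taken from the IN_work_allow chain in the thread
NET=192.168.1.0/24
PORT=8765

# 1. The rich rule from the thread: "port" is the *destination* port (dpt:8765).
dport_rich_cmd() {
    printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source address=\"$NET\" port port=\"$PORT\" protocol=\"udp\" accept'"
}

# 2a. Direct rule: raw iptables arguments, so --sport works wherever the
#     direct interface exists. firewalld places it in its INPUT_direct chain.
sport_direct_cmd() {
    printf '%s\n' "firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s $NET -p udp --sport $PORT -j ACCEPT"
}

# 2b. Newer firewalld releases added a source-port element to the rich language.
sport_rich_cmd() {
    printf '%s\n' "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source address=\"$NET\" source-port port=\"$PORT\" protocol=\"udp\" accept'"
}

# Check: classify one line of `iptables -S <chain>` output by the port it
# matches. Prints sport, dport, both or none.
port_match_kind() {
    case "$1" in
        *--sport*--dport*|*--dport*--sport*) echo both ;;
        *--sport*)                           echo sport ;;
        *--dport*)                           echo dport ;;
        *)                                   echo none ;;
    esac
}

# Check: in a dump of `iptables -S` lines, count ACCEPT rules that admit UDP
# from $2 with *source* port $3, ignoring --dport rules. Prints the count.
count_sport_accepts() {
    dump=$1; net=$2; port=$3
    printf '%s\n' "$dump" \
      | grep -- "-s $net " \
      | grep -- "-p udp" \
      | grep -- "--sport $port " \
      | grep -c -- "-j ACCEPT" || true
}

# Constructed sample lines, shaped like `iptables -S` output for rules 1 and 2a.
SAMPLE_DPORT='-A IN_work_allow -s 192.168.1.0/24 -p udp -m udp --dport 8765 -m conntrack --ctstate NEW -j ACCEPT'
SAMPLE_SPORT='-A INPUT_direct -s 192.168.1.0/24 -p udp -m udp --sport 8765 -j ACCEPT'
DUMP=$(printf '%s\n%s\n' "$SAMPLE_DPORT" "$SAMPLE_SPORT")

echo "rule from the thread (destination port):"; dport_rich_cmd
echo "direct rule (source port):";               sport_direct_cmd
echo "rich rule, newer firewalld (source port):"; sport_rich_cmd
echo "sample dpt line matches: $(port_match_kind "$SAMPLE_DPORT")"   # dport
echo "sample spt line matches: $(port_match_kind "$SAMPLE_SPORT")"   # sport
echo "sport ACCEPT rules for $NET:$PORT in dump: $(count_sport_accepts "$DUMP" "$NET" "$PORT")"   # 1
```

After `firewall-cmd --reload`, run `iptables -S IN_work_allow` (or `iptables -S INPUT_direct` for the direct rule) and feed the lines to `port_match_kind`; only a line reporting `sport` does what the thread asks for. One caveat worth stating: a rule keyed on the remote source port alone lets any host in 192.168.1.0/24 reach every local UDP port simply by sending from port 8765, so it is a convenience for a trusted LAN, not a strong control.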