Ibrahim Quraish

Reputation: 4099

How to add range of ports in firewall-cmd direct rule

I want to add a range of OUTPUT chain ports using firewall-cmd using its direct rule method, something like this:

firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=80-1000 -j ACCEPT

This says success, however it does not seem to work.

Upvotes: 1

Views: 4581

Answers (2)

alboforlizo

Reputation: 371

The below command will accept traffic from ports 22,53 and 80 (see source):

/sbin/iptables -A INPUT -p tcp --match multiport --dports 22,53,80 -j ACCEPT

I prefer this variation with reload required for permanent rules only:

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -m multiport --dport 22,53,80 -j ACCEPT && sudo firewall-cmd --reload

Upvotes: 0

Robert Kratky

Reputation: 582

Use a comma, i.e. --dport 80,1000.

That said, using direct rules is discouraged (your command returns 'success' because firewall-cmd doesn't check the directly entered iptables syntax -- it assumes you have the rule correct). Man page says:

Direct options should be used only as a last resort when it's not possible to use for example --add-service=service or --add-rich-rule='rule'.

See Configuring Complex Firewall Rules with the "Rich Language" Syntax.

Upvotes: 1
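The check the second answer points at, as an added shell example that is not from the question or either answer: validate a TCP port specification against the grammar iptables itself parses (the direct interface passes it through unchecked), build the direct rule, and then compare what firewalld stored with what the kernel actually holds. It assumes firewall-cmd and iptables are installed on the target host; the function names and the APPLY=1 gate are this example's own.

```shell
# Added example, not code from the question or either answer: validates a TCP
# port spec against the grammar iptables expects (the direct interface does not
# check it), builds the direct rule and, with APPLY=1 on a firewalld host,
# applies it and shows what the kernel holds. Names and the gate are mine.

# is_port N -> true if N is an integer in 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# is_port_or_range X -> true for "443" or "80:1000" with low <= high
is_port_or_range() {
    case $1 in
        *:*) is_port "${1%%:*}" && is_port "${1#*:}" && [ "${1%%:*}" -le "${1#*:}" ] ;;
        *)   is_port "$1" ;;
    esac
}

# port_spec_kind SPEC -> prints single|range|list, returns 1 when iptables'
# tcp/multiport matches would reject SPEC ("80-1000" is the common mistake)
port_spec_kind() {
    case $1 in
        *-*) echo "invalid '$1': iptables writes a range as 80:1000" >&2; return 1 ;;
        *,*) for p in $(printf '%s' "$1" | tr ',' ' '); do
                 is_port_or_range "$p" || { echo "invalid port '$p'" >&2; return 1; }
             done; echo list ;;
        *:*) is_port_or_range "$1" || { echo "invalid range '$1'" >&2; return 1; }
             echo range ;;
        *)   is_port "$1" || { echo "invalid port '$1'" >&2; return 1; }; echo single ;;
    esac
}

# direct_rule CHAIN SPEC -> prints the complete firewall-cmd command line
direct_rule() {
    kind=$(port_spec_kind "$2") || return 1
    [ "$kind" = list ] && match="-m multiport --dports $2" || match="-m tcp --dport $2"
    printf 'firewall-cmd --permanent --direct --add-rule ipv4 filter %s 0 -p tcp %s -j ACCEPT\n' \
        "$1" "$match"
}

# "success" from --add-rule only means firewalld stored the rule; it reaches the
# kernel on --reload, so list both views to see where a rule went missing.
if [ "${APPLY:-0}" = 1 ]; then
    cmd=$(direct_rule OUTPUT "${1:-80:1000}") || exit 1
    echo "+ $cmd" && eval "$cmd" && firewall-cmd --reload
    firewall-cmd --direct --get-all-rules   # what firewalld stored
    iptables -S OUTPUT | grep -- '--dport'  # what the kernel actually has
fi
```

Run it as `APPLY=1 sh check_rule.sh 80:1000` on the host to apply and inspect; without APPLY it only builds and validates.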
