Firewalld understanding, accept just one IP
by kropex from LinuxQuestions.org on (#525VK)
It is hard for me to understand the firewalld concept, which is why I opened this thread to clarify everything that is not clear to me, and maybe to a lot of people, regarding firewalld config.
First of all, even if firewalld in CentOS seems to be a sophisticated and great firewall, why is it not possible to give access to one IP, one service and one application by using a rich rule? Why can't this firewall also be configured per application?
Also, the challenge is how to let just one IP use the list of services from the default zone and have all the other IPs locked out. If for my default active zone with eth0 I have nothing in source but I have my ssh service active, any IP can access my ssh service. So why put an IP in source to give it access, if everybody has access when nothing is there?


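Added example, not part of the original post: two ways to let a single address reach one service while every other address is refused, written as a dry-run script around `firewall-cmd`. The zone `public`, the zone name `sshadmin` and the address `203.0.113.10` are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: restrict one firewalld service to a single source address.
# Dry run by default (commands are only printed); APPLY=1 executes them as root.
# Assumed values: zone "public", zone name "sshadmin", address 203.0.113.10.

run() {
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Approach A: one rich rule in the zone that owns the interface.
allow_service_from_ip() {   # usage: ZONE SERVICE IPV4
    zone=$1; svc=$2; ip=$3
    # A service listed in a zone with no source is open to every address
    # reaching that zone, so take it out of the zone-wide list first.
    run firewall-cmd --permanent --zone="$zone" --remove-service="$svc"
    # Re-admit the service for the single address only.
    run firewall-cmd --permanent --zone="$zone" --add-rich-rule="rule family=\"ipv4\" source address=\"$ip\" service name=\"$svc\" accept"
    run firewall-cmd --reload
}

# Approach B: a separate zone bound to the source address. firewalld picks
# the zone by source before it falls back to the interface's zone.
allow_service_via_source_zone() {   # usage: IFACE_ZONE NEW_ZONE SERVICE IPV4
    iface_zone=$1; src_zone=$2; svc=$3; ip=$4
    run firewall-cmd --permanent --new-zone="$src_zone"
    run firewall-cmd --permanent --zone="$src_zone" --add-source="$ip"
    run firewall-cmd --permanent --zone="$src_zone" --add-service="$svc"
    run firewall-cmd --permanent --zone="$iface_zone" --remove-service="$svc"
    run firewall-cmd --reload
}

# Run approach A when called as: script ZONE SERVICE IPV4
if [ "$#" -eq 3 ]; then allow_service_from_ip "$@"; fi
```

When the service is ssh, apply the change from the console or from the allowed address, because after the reload new connections from any other address are refused.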