CentOS 7 - Allow a connection from a single IP only.
-
Using Firewall-CMD, how can I allow access to a port but only from a certain IP address?
-
-
Some use cases for this:
- Allowing myself to access my jumpbox from work, without making it available to the whole world.
- Allowing a remote sales person to connect to your PBX, without exposing it to the whole world.
- Allowing myself to VNC to my home desktop, without having it exposed.
-
eh that didn't list a single port
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
-
@johnhooks Good point, but now that I am thinking about it, maybe it doesn't need to.
-
@anonymous said:
> Allowing myself to access my jumpbox from work, without making it available to the whole world.
I use pubkeys and 2FA with time limited codes. It works really well.
> Allowing myself to VNC to my home desktop, without having it exposed.
I just use ZeroTier or use the JumpBox as a proxy.
> Allowing a remote sales person to connect to your PBX, without exposing it to the whole world.
That's only if they're the only ones on the network with that IP address. If you do it that way, then everyone on their network would have access also.
-
@anonymous said:
> - Allowing a remote sales person to connect to your PBX, without exposing it to the whole world.
This only works when they have a static address. Otherwise, something like OpenVPN or ZeroTier works better.
-
@anonymous said:
> Some use cases for this:
> - Allowing myself to access my jumpbox from work, without making it available to the whole world.
MORE common than that would be allowing SSH FROM the Jump box to servers. The servers will often only allow connections from the jump box.
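
Added example, not part of any post in this thread: a POSIX shell sketch that validates the source address, port and protocol before emitting the rich rule posted above, so a typo cannot turn into a wider rule. The function names and the `APPLY` variable are assumptions made for illustration; 1.2.3.4/32 and port 4567 are the thread's sample values.

```shell
#!/bin/sh
# Added example: validate inputs, then emit the thread's rich rule.
# in_range, build_rich_rule, allow_from and APPLY are names made up for this sketch.

# True only if $1 is a decimal integer in [$2, $3]. Leading zeros are refused
# because some address parsers read "010" as octal.
in_range() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Print a rich rule letting one IPv4 source (default /32) reach one port.
# Subshell body: variables and the IFS change stay local; exits 1 on bad input.
build_rich_rule() (
    src=$1 port=$2 proto=${3:-tcp}
    case $src in
        */*) ip=${src%%/*} prefix=${src#*/} ;;
        *)   ip=$src prefix=32 ;;
    esac
    case $ip in *[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $ip                             # split the address into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do in_range "$octet" 0 255 || exit 1; done
    in_range "$prefix" 1 32 || exit 1      # /0 would match every address
    in_range "$port" 1 65535 || exit 1
    case $proto in tcp|udp) ;; *) exit 1 ;; esac
    printf 'rule family="ipv4" source address="%s/%s" port protocol="%s" port="%s" accept' \
        "$ip" "$prefix" "$proto" "$port"
)

# Print the commands for review; with APPLY=1 run them too (root + firewalld needed).
# A rich rule only adds an allowance: if the port or its service is already open
# in the zone for everyone, it stays open, so check --list-all first.
allow_from() (
    rule=$(build_rich_rule "$@") || { echo "refusing: bad source, port or protocol" >&2; exit 1; }
    echo "firewall-cmd --permanent --zone=public --add-rich-rule='$rule'"
    echo "firewall-cmd --reload"
    echo "firewall-cmd --zone=public --list-rich-rules"
    [ "${APPLY:-0}" = 1 ] || exit 0
    firewall-cmd --permanent --zone=public --add-rich-rule="$rule" &&
        firewall-cmd --reload &&
        firewall-cmd --zone=public --list-rich-rules
)

allow_from 1.2.3.4/32 4567 tcp   # dry run unless APPLY=1 is set
```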