https://access.redhat.com/solutions/3906701
SOLUTION Verified - Updated February 21, 2019 at 09:58
Environment
- Red Hat Enterprise Linux 8
Issue
- The TCP Wrappers package has been deprecated in RHEL 7 and therefore it will not be available in RHEL 8 or later RHEL releases.
Resolution
- Firewalld can be used as a firewall-level replacement for TCP Wrappers.
- This example allows SSH for the 10.1.1.0/24 network and blocks it for all others.
firewalld
- Firewalld operates at the firewall layer and can be used to restrict access to a given service. One approach is to create a new firewall zone for the 10.1.1.0/24 network and enable SSH in the new zone.
- firewalld enables SSH in the default (public) zone by default. To allow SSH only from 10.1.1.0/24, SSH first needs to be removed from the default zone. For other services, this step can be skipped.
# firewall-cmd --permanent --remove-service=ssh
- You can now create the new zone and add the SSH service.
# firewall-cmd --permanent --new-zone=mysshzone
# firewall-cmd --permanent --zone=mysshzone --add-source=10.1.1.0/24
# firewall-cmd --permanent --zone=mysshzone --add-service=ssh
- Then, reload the firewall to make the new configuration active.
# firewall-cmd --reload
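To confirm the result of the steps above, the following check queries the permanent configuration with firewall-cmd's --query-service and --query-source options. It is an added example, not part of the original solution; the FWCMD variable and the function name check_ssh_restriction are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the permanent firewalld configuration built above.
# FWCMD is this example's own variable, so the check can be pointed at a stub.
FWCMD="${FWCMD:-firewall-cmd}"
SSH_ZONE="mysshzone"       # zone name used in the article
SSH_SOURCE="10.1.1.0/24"   # allowed network used in the article

check_ssh_restriction() {
    status=0
    default_zone=$($FWCMD --get-default-zone) || {
        echo "ERROR: cannot query firewalld"
        return 2
    }

    # The default zone handles every source not bound to another zone,
    # so ssh must no longer be enabled there.
    if $FWCMD --permanent --zone="$default_zone" --query-service=ssh >/dev/null 2>&1; then
        echo "FAIL: ssh is still enabled in default zone '$default_zone'"
        status=1
    fi

    # The dedicated zone must be bound to the allowed source network ...
    if ! $FWCMD --permanent --zone="$SSH_ZONE" --query-source="$SSH_SOURCE" >/dev/null 2>&1; then
        echo "FAIL: source $SSH_SOURCE is not bound to zone '$SSH_ZONE'"
        status=1
    fi

    # ... and must have the ssh service enabled.
    if ! $FWCMD --permanent --zone="$SSH_ZONE" --query-service=ssh >/dev/null 2>&1; then
        echo "FAIL: ssh is not enabled in zone '$SSH_ZONE'"
        status=1
    fi

    if [ "$status" -eq 0 ]; then
        echo "OK: ssh is limited to $SSH_SOURCE via zone '$SSH_ZONE'"
    fi
    return "$status"
}

# Run as root with "--run" to check the local system.
if [ "${1:-}" = "--run" ]; then
    check_ssh_restriction
fi
```

The check covers only the ssh service entry in the default zone and in mysshzone; other zones with bound interfaces or sources are not inspected.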