In firewalld, I can assign a zone to a network interface. A zone contains some firewall rules.
Now I have a network interface with different levels of trust (172.16.1.1/32 should have special access in the 172.16.1.0/24 network). For example, SSH access for an admin host.
The only way I found to realize that, is to use a rich rule. But I am not happy with this approach, because it's basically an iptables rule without the possibility to give a description.
Is there a way to create a separate zone or subzone for the admin host?
The advantage would be that the configuration is more readable.
I could create a ManagementZone with special permissions. And when another Admin-PC comes to life, I can simply add its address to this zone.
Best Answer
Yes, you can create new zones:
https://fedoraproject.org/wiki/FirewallD#How_to_configure_or_add_zones.3F
From http://www.certdepot.net/rhel7-get-started-firewalld/
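As an added illustration (not part of the original answer), this script writes a source-bound zone file in the format firewalld keeps under /etc/firewalld/zones/, so the zone carries a description and extra admin hosts are added as further `<source>` entries; the zone name "management" and the output directory are assumptions, and the equivalent firewall-cmd commands are given in the comments.

```shell
#!/bin/sh
# Equivalent firewall-cmd sequence (run as root on the firewall host):
#   firewall-cmd --permanent --new-zone=management
#   firewall-cmd --permanent --zone=management --add-source=172.16.1.1/32
#   firewall-cmd --permanent --zone=management --add-service=ssh
#   firewall-cmd --reload
# firewalld matches source-bound zones before interface-bound ones, so
# traffic from 172.16.1.1 gets the management rules while the rest of
# 172.16.1.0/24 stays in the zone assigned to the interface.

# write_management_zone DIR ZONE ADDR...
# Writes DIR/ZONE.xml; with DIR=/etc/firewalld/zones run firewall-cmd --reload afterwards.
write_management_zone() {
    dir=$1; zone=$2; shift 2
    out="$dir/$zone.xml"
    {
        printf '<?xml version="1.0" encoding="utf-8"?>\n'
        printf '<zone>\n'
        printf '  <short>%s</short>\n' "$zone"
        printf '  <description>Admin hosts allowed to reach SSH on this machine.</description>\n'
        # one <source> element per admin host; add more addresses later the same way
        for addr in "$@"; do
            printf '  <source address="%s"/>\n' "$addr"
        done
        printf '  <service name="ssh"/>\n'
        printf '</zone>\n'
    } > "$out"
    echo "$out"
}

# count_sources FILE -> number of <source> entries in a zone file
count_sources() {
    grep -c '<source address=' "$1"
}
```

Writing to a scratch directory first (as the test below does) lets you review the XML before copying it into /etc/firewalld/zones/ and reloading.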