I have been using the old iptables module for years, but now I had to switch to firewalld. I didn’t change before because the firewalld module in Webmin misses necessary settings, such as managing the ‘sources’ list of a zone.
More stuff is probably missing as well, but this one means that the firewalld module is almost unusable. Not only do I have to manage the IP lists by hand, but they don’t even show up in Webmin.
Is it a bug, or what? I cannot believe that the developers of the module don’t care about filtering the sources of a zone?
Could you provide more details on what you’re expecting to see and what’s missing? Using the Firewalld CLI would be the best example to illustrate what the UI lacks.
There are other firewalls supported in Webmin. I don’t use them because I’m using the Virtualmin bundle. I don’t know if they are better suited for your purpose because I don’t use them.
==> result: the IP is added to the sources for the zone, here 11.22.33.44 would be allowed to access the services allowed for the zone, while 120.26.95.123 (hacker’s IP) would be blocked from even seeing that the server is up.
To list the sources:
firewall-cmd --list-sources --zone=trusted
=> gives the list of these IPs for the zone.
There is also --remove-source.
I believe that it would be possible to show the result of --list-sources while displaying the data for the zone (for instance before the rules), edit this list, and do a combination of --add-source and --remove-source commands to update firewalld’s settings, either --permanent or not. Or, like for the rules and ports, buttons to add / remove a source.
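Added example, not part of the post above and not Webmin or firewalld code: a dry-run shell helper that turns an edited source list into the matching --remove-source and --add-source calls. The function names, the validation rule and the sample addresses other than 11.22.33.44 are assumptions made for illustration.

```shell
# Added example: prints the firewall-cmd calls needed to reconcile a zone's
# sources with an edited list. It only prints them; nothing is executed.

# valid_source SRC: accept only IPv4/IPv6 addresses, CIDR ranges and MACs
# (hex digits, '.', ':' and '/'). ipset: sources are out of scope here.
valid_source() {
    case $1 in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_sources ZONE CURRENT DESIRED [--permanent]
# CURRENT and DESIRED are whitespace-separated lists, the format printed by
# `firewall-cmd --list-sources --zone=ZONE`.
plan_sources() {
    zone=$1 perm=${4:-}
    current=" $(printf '%s ' $2)"   # normalise whitespace to " a b c "
    desired=" $(printf '%s ' $3)"
    # Refuse the whole plan if any requested entry looks malformed.
    for src in $desired; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Sources configured now but absent from the desired list are removed.
    for src in $current; do
        case $desired in
            *" $src "*) ;;
            *) echo "firewall-cmd ${perm:+$perm }--zone=$zone --remove-source=$src" ;;
        esac
    done
    # Sources wanted but not configured yet are added.
    for src in $desired; do
        case $current in
            *" $src "*) ;;
            *) echo "firewall-cmd ${perm:+$perm }--zone=$zone --add-source=$src" ;;
        esac
    done
}

# Constructed sample: one stale source to drop, one new range to add.
plan_sources trusted "11.22.33.44 192.0.2.10" "11.22.33.44 198.51.100.0/24" --permanent
```

On a live host the second argument would be the output of `firewall-cmd --list-sources --zone=trusted`, and changes made with --permanent take effect after `firewall-cmd --reload`.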
A new allow/deny feature is now available in the FirewallD module of Webmin 2.302. Would this work for you to allow specific IP addresses?
It’s a different thing, it creates rich rules to allow / block an IP but that’s not about defining the scope of the zone. I suppose that I could use that if I had no other solution, after all, why do simple things if complicated ones are possible?
We do not support it at this time.
Ok so we have a firewall module that can’t manage source IPs. Hard to understand, but never mind. The IPTables module was so well designed…