VICIgeek
Understanding firewalld, Zones, and ipsets in ViciBox

When securing a ViciBox server, you may need to audit which IPs are allowed through firewalld. The catch is that a zone's allowed sources are often not listed as plain addresses but as references to ipsets, so a single listing of the zone does not tell you who actually gets in. This guide explains how zones and ipsets interact and walks through the commands needed to see the full picture.

1. List Zones

Run:

firewall-cmd --get-zones

Example output:

block dmz drop external home internal public trusted work

2. Check Active Zones and Interfaces

firewall-cmd --get-active-zones

This shows only the zones that currently have an interface or a source bound to them, with the interfaces and sources listed under each zone. A zone that appears in --get-zones but not here is defined but not in use.

3. Inspect All Rules in a Zone

firewall-cmd --zone=external --list-all

Typical output lists ipset references in the sources line when they are in use:

external
  sources: ipset:whiteips ipset:whitenets ipset:dynamiclist
  services: ssh
  ports: 5060/udp 5061/udp

4. Show Sources Directly

To see only the source bindings of a zone, without services and ports, use --list-sources. Sources bound through an ipset appear as ipset:name entries; if ipsets are not used, you see the individual IPs and networks:

firewall-cmd --zone=external --list-sources

Example:

203.0.113.5 198.51.100.0/24

5. Query ipsets

View all ipsets:

ipset list

Or list the members of a specific set:

ipset list whiteips

Output resembles:

Name: whiteips
Type: hash:ip
Members:
203.0.113.5
198.51.100.23

Note that ipset list only shows firewalld's sets when firewalld is using the iptables backend. With the nftables backend (FirewallBackend=nftables in /etc/firewalld/firewalld.conf) the sets live inside nftables and ipset list will not show them, so ask firewalld directly:

firewall-cmd --get-ipsets
firewall-cmd --info-ipset=whiteips
firewall-cmd --ipset=whiteips --get-entries

These commands work with either backend, which makes them the safer choice for an audit.

6. Reload After Changes

After changing the permanent configuration (any firewall-cmd call made with --permanent), reload it so the running firewall picks it up:

firewall-cmd --reload

Keep the two halves of firewalld's state straight: changes made with --permanent do not take effect until the reload, while changes made without --permanent apply immediately but are discarded by the reload. If an IP you just allowed stops working after a reload, it was almost certainly added to the runtime configuration only. Re-run the audit commands above after reloading to confirm the zone sources and ipset members are what you expect.
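The steps above can be combined into a single audit that expands every source of a zone to the addresses it actually admits, resolving each ipset reference to its members. The script below is an added example written for this guide; it is not part of ViciBox or firewalld. It assumes the zone name "external" and the ipset names shown in the sample output, and that firewall-cmd (and, for the iptables backend, ipset) is on PATH when run live. The parsing functions read captured command output from stdin, so they can also be run against saved output from a server you are reviewing offline.

```sh
#!/bin/sh
# audit_zone_sources.sh (added example, not ViciBox or firewalld code)
# Expands every source admitted by a firewalld zone: plain IPs/CIDRs are
# printed as-is, and each "ipset:NAME" source is expanded to its members.
# Assumptions: zone "external" and ipset names as in the sample output above;
# firewall-cmd (optionally ipset) available on PATH when run live.

# extract_sources: stdin = output of `firewall-cmd --zone=Z --list-all`;
# prints each token of the "sources:" line on its own line.
extract_sources() {
    awk '$1 == "sources:" { for (i = 2; i <= NF; i++) print $i }'
}

# ipset_members_from_list: stdin = output of `ipset list NAME`;
# prints the non-empty lines that follow the "Members:" header.
ipset_members_from_list() {
    awk 'found && NF { print } $1 == "Members:" { found = 1 }'
}

# resolve_ipset NAME: print the members of one set. firewalld's own view is
# tried first (works with both the iptables and nftables backends); the
# kernel ipset table is the fallback for the iptables backend, where
# `ipset list` still sees firewalld's sets.
resolve_ipset() {
    _name="$1"
    if firewall-cmd --ipset="$_name" --get-entries 2>/dev/null; then
        return 0
    fi
    ipset list "$_name" 2>/dev/null | ipset_members_from_list
}

# expand_sources: stdin = list-all output; prints "origin<TAB>address" rows,
# where origin is "direct" or the name of the ipset the address came from.
expand_sources() {
    extract_sources | while IFS= read -r src; do
        case "$src" in
            ipset:*)
                _set="${src#ipset:}"
                resolve_ipset "$_set" | awk -v set="$_set" 'NF { print set "\t" $0 }'
                ;;
            *)
                printf 'direct\t%s\n' "$src"
                ;;
        esac
    done
}

main() {
    zone="${1:-external}"
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not found; nothing to audit" >&2
        return 1
    fi
    firewall-cmd --zone="$zone" --list-all | expand_sources
}

# Run live only when a zone is given, so the file can also be sourced for
# its functions:   sh audit_zone_sources.sh external
if [ $# -gt 0 ]; then
    main "$1"
fi
```

Each output row names where an address comes from, so an unexpected address can be traced straight back to the set that admitted it (for example a stale entry in dynamiclist) rather than hunting through every set by hand. Because it queries firewalld rather than the kernel tables first, the result reflects the runtime configuration; run it again after firewall-cmd --reload to confirm the permanent configuration matches.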
