In the earlier versions of Leap I used yast firewall to configure custom rules that allowed me to add specific ips with ports/ranges, and everything worked fine.
In the new version, I see that things have changed, since now firewalld is the default firewall and yast firewall utility does not have all the GUI options for this.
I’m hoping you can help me figure out how to accomplish the following:
I have 2 groups of ipv4 that need to access the machine.
group 1 needs ports: 3345 TCP, 3346 TCP and 5000-10000 UDP range
group 2 needs ports: 3345 TCP, 3346 TCP and 5000-10000 UDP range as well as port 22 TCP
If I understand correctly, I need to create ipsets. So one ipset will have group 1 ips, and the second ipset will have group 2 ips.
My questions are:
How do I tie 2 different ipsets with specific ports to same “external” interface?
IPs in the groups mentioned above can change, so I need to write a script that retrieves fresh ips, updates the ipsets and reloads firewall. What’s the correct way to do this? Can I overwrite a file somewhere in /etc/ ? Where are ipsets ips stored? (In SuseFirewall2 I used to inject a custom line in the config file and restart service)
I know I’ve asked a lot of questions but I hope I’ve clearly described what I am trying to accomplish. If not, please let me know and I can provide more detail.
Your advice is greatly appreciated.
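
One firewalld layout for the two groups described in the post, added here as an example and not part of the original post. It assumes ipsets named `group1` and `group2`, the `external` zone, and constructed sample addresses; it prints the ipset XML and the `firewall-cmd` calls rather than running them.

```shell
#!/bin/sh
# Dry run: prints the ipset XML and firewall-cmd calls instead of running them.
ZONE=external   # assumption: the firewalld zone bound to the outside interface

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Reads one address per line on stdin, drops duplicates and anything that is
# not a valid IPv4 address, and prints a firewalld ipset definition
# (the format firewalld keeps in /etc/firewalld/ipsets/<name>.xml).
render_ipset_xml() {
    echo '<?xml version="1.0" encoding="utf-8"?>'
    echo '<ipset type="hash:ip">'
    sort -u | while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then echo "  <entry>$ip</entry>"; fi
    done
    echo '</ipset>'
}

# One-time setup: create both ipsets and add one rich rule per port spec that
# accepts traffic only from members of the matching ipset.
setup_cmds() {
    for set_name in group1 group2; do
        echo "firewall-cmd --permanent --new-ipset=$set_name --type=hash:ip"
        ports="3345/tcp 3346/tcp 5000-10000/udp"
        if [ "$set_name" = group2 ]; then ports="$ports 22/tcp"; fi
        for spec in $ports; do
            port=${spec%/*}; proto=${spec#*/}
            echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source ipset=\"$set_name\" port port=\"$port\" protocol=\"$proto\" accept'"
        done
    done
    echo "firewall-cmd --reload"
}

# Constructed sample feed (documentation addresses) with a duplicate and a bad line.
SAMPLE_GROUP2='203.0.113.10
198.51.100.7
203.0.113.10
not-an-ip'

setup_cmds
echo "# contents for /etc/firewalld/ipsets/group2.xml:"
printf '%s\n' "$SAMPLE_GROUP2" | render_ipset_xml
```

Permanent ipsets live in `/etc/firewalld/ipsets/<name>.xml`, so a refresh script can overwrite that file with the output of `render_ipset_xml` and then run `firewall-cmd --reload`. Rich rules only add access, so a service already enabled in the zone stays open to all sources until it is removed from the zone.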