Saturday, 28 September 2019

firewalld rich rules

0. Online help

man firewall-cmd [SEE ALSO section: firewalld.richlanguage]
man firewalld.richlanguage [EXAMPLES section]

1. Cheat-sheet

# Rich rule format
firewall-cmd --add-rich-rule='RULE'

# reject ssh connections from "172.16.2.0/24"
rule family="ipv4" source address="172.16.2.0/24" service name="ssh" reject

# allow ssh connections from "192.168.100.0/24"
rule family="ipv4" source address="192.168.100.0/24" service name="ssh" accept

# forward tcp traffic coming from "192.168.100.0/24" on port 5230 to port 22
rule family="ipv4" source address="192.168.100.0/24" forward-port port="5230" protocol="tcp" to-port="22"
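
Added example (not from the original post): a POSIX shell script that loads the three rules above into the permanent configuration, reloads, and lists the result, since --add-rich-rule without --permanent changes only the runtime configuration. The zone name "public", the DRY_RUN switch and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. ZONE and DRY_RUN are assumptions, not part of the cheat-sheet.
ZONE="${ZONE:-public}"    # assumed zone; check yours with: firewall-cmd --get-active-zones
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them (needs root)

# The three rich rules from the cheat-sheet, one per line.
rich_rules() {
cat <<'EOF'
rule family="ipv4" source address="172.16.2.0/24" service name="ssh" reject
rule family="ipv4" source address="192.168.100.0/24" service name="ssh" accept
rule family="ipv4" source address="192.168.100.0/24" forward-port port="5230" protocol="tcp" to-port="22"
EOF
}

# Print the firewall-cmd invocation (copy-pasteable), or execute it when DRY_RUN=0.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        line="firewall-cmd"
        for arg in "$@"; do
            case "$arg" in
                *' '*) line="$line '$arg'" ;;   # quote arguments containing spaces
                *)     line="$line $arg" ;;
            esac
        done
        printf '%s\n' "$line"
    else
        firewall-cmd "$@"
    fi
}

# Add each rule to the permanent config unless already present, then reload and list.
apply_rich_rules() {
    rich_rules | while IFS= read -r rule; do
        # --query-rich-rule exits 0 when the rule already exists in the zone
        if [ "$DRY_RUN" != "1" ] &&
           firewall-cmd --permanent --zone="$ZONE" --query-rich-rule="$rule" >/dev/null 2>&1; then
            continue
        fi
        fw --permanent --zone="$ZONE" --add-rich-rule="$rule"
    done
    fw --reload                            # make the permanent rules the running ones
    fw --zone="$ZONE" --list-rich-rules    # verify what is now active
}

apply_rich_rules
```

Run it as-is to review the commands, then with DRY_RUN=0 as root to apply them.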

