Source management
The problem that you may encounter when using interfaces assigned to your zones is that an interface does not differentiate between network addresses. Often, this is not an issue as only one network address is bound to the NIC; however, if you have more than one address bound to the NIC, you may want to implement the firewalld source. Like interfaces, sources can be assigned to zones. In the following commands, we will add a network range to the trusted zone and another range, perhaps on the same NIC, to the public zone:
# firewall-cmd --permanent --zone=trusted --add-source=192.168.1.0/24
# firewall-cmd --permanent --zone=public --add-source=172.17.0.0/16
Similar to interfaces, binding a source to a zone activates that zone, and the zone is then listed by the --get-active-zones option.
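To confirm that each range landed in the intended zone, the --get-active-zones output can be checked mechanically. The following is an added example, not part of the original text: the function names and the sample output are constructed for illustration, and the sample follows the layout that firewall-cmd --get-active-zones prints.

```shell
#!/bin/sh
# Added example. On a live host, feed the functions with:
#   firewall-cmd --get-active-zones | verify_bindings trusted=192.168.1.0/24
# Run it after `firewall-cmd --reload`: changes made with --permanent reach
# the runtime configuration, and therefore this listing, only on reload.

# Constructed sample output matching the two commands above.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
  sources: 172.17.0.0/16
trusted
  sources: 192.168.1.0/24'

# list_source_bindings: read --get-active-zones output on stdin and print
# one "zone source" pair per line. Interface bindings are ignored.
list_source_bindings() {
    awk '
        /^[A-Za-z0-9]/   { zone = $1; next }   # unindented line names a zone
        $1 == "sources:" { for (i = 2; i <= NF; i++) print zone, $i }
    '
}

# verify_bindings ZONE=SOURCE...: read --get-active-zones output on stdin
# and return non-zero if any listed source is not bound to the expected zone.
verify_bindings() {
    bindings=$(list_source_bindings)
    rc=0
    for want in "$@"; do
        zone=${want%%=*}
        src=${want#*=}
        got=$(printf '%s\n' "$bindings" | awk -v s="$src" '$2 == s { print $1 }')
        if [ "$got" != "$zone" ]; then
            echo "MISMATCH: $src expected in $zone, found in ${got:-no active zone}" >&2
            rc=1
        fi
    done
    return $rc
}
```

A mismatch on the trusted zone is the case to watch for, since a range bound there by mistake receives that zone's permissive policy.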