How to open port for a specific IP address on CentOS 7

This article will describe how to open a port for a specific IP address on CentOS 7.

To open a port for any source IP a simple rule can be applied using firewall-cmd command line:

$ firewall-cmd --zone=public --add-port=80/tcp --permanent

To open a port for a specific IP address the add-rich-rule need to be used:

$ firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="10.10.99.10/32"
  port protocol="tcp" port="80" accept'

After any firewall rules change, a reload is needed:

$ firewall-cmd --reload

To test the new rule you can use telnet command from the source address.

Also if want to see or edit directly the configuration file you can do it directly by running the following command:

$ vi /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="10.10.99.10"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="10.10.99.11"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
</zone>