FirewallD block some IPs and allow all the rest

Lucas Rey

5/28/23, 8:08 AM

I'm new in firewallcmd managment, so probably I'm asking a simple question. What I have to do is allow all incoming connections except for some IPs.

To block IPs I used the "block" zone:

firewall-cmd --zone=block --add-source=5.13.70.0/24
firewall-cmd --zone=block --add-source=192.168.10.2

This is working perfect on all interfaces, but what I have to do now is allow ALL incoming/outgoing traffic from/to other IPs.

For sure I can use the following to enable specific IP:

firewall-cmd --zone=trusted --add-source=10.5.123.0/24

But I need to block only some IPs who try to connect to my server and allow the rest of the traffic. Any clue? Thank you Lucas

EDIT: Well, maybe I can use this one to allow all, keeping IPs in block zone:

firewall-cmd --zone=trusted --add-source=0.0.0.0/0

This should allow all inconming/outgoing traffic except from IP in block zone. Am I wrong?

0 + 0

firewalld

firewalld-zone

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: FirewallD block some IPs and allow all the rest

TH: FirewallD บล็อก IP บางส่วนและอนุญาตส่วนที่เหลือทั้งหมด

RO: FirewallD blochează unele IP-uri și permite restul

RU: FirewallD блокирует некоторые IP-адреса и разрешает все остальные

VI: FirewallD chặn một số IP và cho phép tất cả các IP còn lại

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.