FirewallD block some IPs and allow all the rest

I'm new to firewall-cmd management, so I'm probably asking a simple question. What I have to do is allow all incoming connections except for some IPs.

To block IPs I used the "block" zone:

firewall-cmd --zone=block --add-source=5.13.70.0/24
firewall-cmd --zone=block --add-source=192.168.10.2

This is working perfectly on all interfaces, but what I have to do now is allow ALL incoming/outgoing traffic from/to other IPs.

For sure I can use the following to enable a specific IP:

firewall-cmd --zone=trusted --add-source=10.5.123.0/24

But I need to block only some IPs that try to connect to my server and allow the rest of the traffic. Any clue? Thank you, Lucas

EDIT: Well, maybe I can use this one to allow all, keeping IPs in block zone:

firewall-cmd --zone=trusted --add-source=0.0.0.0/0

This should allow all incoming/outgoing traffic except from IPs in the block zone. Am I wrong?
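An added example, not part of the original post and not firewalld's own code: a script that validates a blocklist and prints the firewall-cmd plan for "reject these sources, accept the rest" without binding 0.0.0.0/0 to any zone. It relies on firewalld matching a source binding before the default zone, and assumes the server's interfaces are not bound to some other zone; `REST_ZONE` and `APPLY` are hypothetical variable names.

```shell
#!/bin/sh
# Added example: prints the commands by default; APPLY=1 executes them (root + firewalld).

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so that
# nothing else can end up inside a firewall-cmd argument.
valid_source() {
  case $1 in
    */*) vs_ip=${1%%/*}; vs_prefix=${1#*/} ;;
    *)   vs_ip=$1; vs_prefix=32 ;;
  esac
  case $vs_prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "${#vs_prefix}" -le 2 ] && [ "$vs_prefix" -le 32 ] || return 1
  case $vs_ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  vs_ifs=$IFS; IFS=.; set -- $vs_ip; IFS=$vs_ifs
  [ $# -eq 4 ] || return 1
  for vs_octet; do
    [ "${#vs_octet}" -le 3 ] && [ "$vs_octet" -le 255 ] || return 1
  done
}

# Print one firewall-cmd line per step. Arguments: the sources to reject.
# Every source is validated before anything is printed: the plan is all or nothing.
plan_block_rules() {
  for pb_src; do
    valid_source "$pb_src" || { echo "invalid source: $pb_src" >&2; return 1; }
  done
  for pb_src; do
    echo "firewall-cmd --permanent --zone=block --add-source=$pb_src"
  done
  # Assumption: "allow the rest" means a default zone of trusted, as in the question.
  # A stricter zone such as public can be substituted through REST_ZONE.
  echo "firewall-cmd --set-default-zone=${REST_ZONE:-trusted}"
  echo "firewall-cmd --reload"
  echo "firewall-cmd --get-active-zones"   # verify: block lists the sources
}

# The two sources from the question.
set -- 5.13.70.0/24 192.168.10.2
if [ "${APPLY:-0}" = 1 ]; then
  plan_block_rules "$@" | sh -e
else
  plan_block_rules "$@"
fi
```

The `block` zone rejects with an ICMP prohibited message; substituting `drop` in the `--zone=` argument discards the packets silently instead.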
