Firewalld - how to block ip address?

wojtekdublin

I have tried to block a public IP address (www.google.com) using the firewalld rich-rule flag:

sudo firewall-cmd --permanent --zone=FedoraServer --add-rich-rule='rule family="ipv4" source address="212.77.98.9" reject'
sudo firewall-cmd --reload

However, after adding the rule I can still access www.google.com from the browser and ping the IP address. Does anyone know how to fix this issue?

Thanks in advance.
 


You should use destination instead of source, since you are trying to block outgoing connections to that IP address and not incoming connections from that IP address.
 
As advised I have tried the following command to block the destination IP address:

firewall-cmd --permanent --zone=FedoraServer --add-rich-rule='rule family="ipv4" destination address="X.X.X.X" reject'

Output of the command 'firewall-cmd --list-all' for the relevant part is:
...
rich rules:
rule family="ipv4" source address="X.X.X.X" reject
rule family="ipv4" destination address="X.X.X.X" reject

However the IP address has not been blocked. I am still able to access the website with its IP address.
 
Does this have any meaning for you? This is out of my knowledge area... just a guess.

HERE
 
According to the rich rule documentation, source and destination should be set up in the same rule. Try something like this:

firewall-cmd --permanent --zone=FedoraServer --add-rich-rule='rule family="ipv4" source address="x.x.x.x" destination address="212.77.98.9" reject'

Replacing x.x.x.x with your LAN network.
Then reload firewalld:

firewall-cmd --reload

If that doesn't work you are probably better off setting up nftables directly, because firewalld is just a front-end for nftables. The way firewalld is set up with zones, its better use case is laptops or workstations; for server setups it's better to use nftables directly.
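A small helper script for the approach suggested in this thread (added here as an example, not code from any of the posters): it validates the LAN network and destination address before they go into the rule, quotes both values, and after the reload queries the zone to confirm the rule actually landed. The zone name FedoraServer is taken from the thread; the LAN and destination values are whatever the caller passes in.

```shell
#!/bin/sh
# Build, apply and verify a firewalld rich rule that rejects traffic from the
# LAN to one destination. Added example; assumes zone FedoraServer as in the thread.

ZONE="${ZONE:-FedoraServer}"

# is_ipv4_or_cidr ADDR: accept a.b.c.d or a.b.c.d/n (0 <= n <= 32), reject the rest,
# so a typo like the literal "x.x.x.x" never reaches firewall-cmd
is_ipv4_or_cidr() {
    addr="${1%/*}"
    if [ "$addr" != "$1" ]; then
        pfx="${1##*/}"
        case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
        [ "$pfx" -le 32 ] || return 1
    fi
    case "$addr" in ''|.*|*.|*..*) return 1 ;; esac
    oldifs="$IFS"; IFS=.; set -- $addr; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rich_rule LAN DEST: print the rule with both addresses quoted
build_rich_rule() {
    is_ipv4_or_cidr "$1" && is_ipv4_or_cidr "$2" || return 1
    printf 'rule family="ipv4" source address="%s" destination address="%s" reject\n' "$1" "$2"
}

# apply_rich_rule LAN DEST: add the rule permanently, reload, then ask firewalld
# whether the runtime zone carries it (the confirmation step missing in the thread)
apply_rich_rule() {
    rule="$(build_rich_rule "$1" "$2")" || { echo "invalid address" >&2; return 1; }
    firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule" || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --zone="$ZONE" --query-rich-rule="$rule"
}
```

Run as root, for example `apply_rich_rule 192.168.1.0/24 212.77.98.9`; a non-zero exit from the final query means the rule is not active in the zone.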
 
