Firewalld - Block an IP Address
FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Feb 2014
    Location
    USA
    Posts
    1

    Firewalld - Block an IP Address

    I looked for examples on how to block an IP address with Firewalld, but I could not find one that would let me implement it quickly. I hope this helps someone and/or someone can add to this example.

    The following command will add the rule to the default zone. This is not permanent. If the service is restarted it will be lost.

    firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    The following adds the rule permanently to the default zone, but the service must be restarted.

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    systemctl restart firewalld.service


    To block an IP address within a specific zone:

    firewall-cmd --permanent --zone="public" --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    systemctl restart firewalld.service

    Note1: reject or drop can be used interchangeably.

    Note2: The use of quotation marks is important.

    .

  2. #2
    Join Date
    Nov 2003
    Posts
    29

    Re: Firewalld - Block an IP Address

    Interesting: I had to reverse the single and double quotes in your example, or my zsh/F20 would not accept it:
    firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.101.111' reject"

  3. #3
    Join Date
    Jul 2005
    Posts
    219

    Re: Firewalld - Block an IP Address

    Quote Originally Posted by phedora
    Interesting: I had to reverse the single and double quotes in your example, or my zsh/F20 would not accept it:
    firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.101.111' reject"
    Thanks, I needed this. Appreciate it.

  4. #4
    Join Date
    Aug 2010
    Location
    Al Ain, UAE
    Posts
    2,019

    Re: Firewalld - Block an IP Address

    Hmmm, my conclusion is that firewalld replaces the well documented, complex iptables syntax, with undocumented, obscure, complex syntax. Goodness knows why Redhat thinks it is an improvement.

  5. #5
    Join Date
    Mar 2015
    Location
    South Carolina
    Posts
    1

    Re: Firewalld - Block an IP Address

    Quote Originally Posted by up2long
    I looked for examples on how to block an IP address with Firewalld, but I could not find one that would let me implement it quickly. I hope this helps someone and/or someone can add to this example.

    The following command will add the rule to the default zone. This is not permanent. If the service is restarted it will be lost.

    firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    The following adds the rule permanently to the default zone, but the service must be restarted.

    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    systemctl restart firewalld.service


    To block an IP address within a specific zone:

    firewall-cmd --permanent --zone="public" --add-rich-rule='rule family="ipv4" source address="192.168.101.111" reject'


    systemctl restart firewalld.service

    Note1: reject or drop can be used interchangeably.

    Note2: The use of quotation marks is important.

    .
    The double quotes around "ipv4" and the IP "192.x.x.x" are not necessary.
    You can just issue
    firewall-cmd --add-rich-rule="rule family=ipv4 source address=115.0.0.0/8 reject"
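
A script-friendly form of the commands in this thread, as an added example that is not part of any post: it validates the address before interpolating it into the rich rule (which matters when the address comes from a log or another program), then adds the rule to both the runtime and the permanent configuration and confirms it is active. The function names and the `public` default zone are assumptions.

```shell
#!/bin/sh
# Added example; function names and the "public" default zone are assumptions.

# Succeeds only for a dotted quad (octets 0-255) with an optional /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    # Reject anything but digits and dots, so quotes or spaces never reach the rule.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rich rule for a validated source; action must be reject or drop.
build_block_rule() {
    action=${2:-reject}
    valid_ipv4 "$1" || { echo "invalid IPv4 source: $1" >&2; return 1; }
    case $action in
        reject|drop) ;;
        *) echo "invalid action: $action" >&2; return 1 ;;
    esac
    printf 'rule family="ipv4" source address="%s" %s\n' "$1" "$action"
}

# Adds the rule to the runtime and permanent configuration of a zone, then
# queries the runtime configuration to confirm it. Needs root and firewalld.
block_ip() {
    zone=${3:-public}
    rule=$(build_block_rule "$1" "$2") || return 1
    firewall-cmd --zone="$zone" --add-rich-rule="$rule" &&
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule" &&
    firewall-cmd --zone="$zone" --query-rich-rule="$rule"
}

# Usage (as root): block_ip 192.168.101.111 reject public
```

Passing the rule as a single double-quoted shell variable also sidesteps the single-versus-double quote differences between shells discussed above.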
