Blocking IP addresses using Firewalld RHEL 7.0

Is there a way to block a specific IP address in firewalld?

I know it can be done in iptables, however I would like to use the firewalld service.

Responses

I'm getting up to speed myself, so - please keep that in mind ;-)

From what I can gather, this activity is considered a "rich-rule"
http://fedoraproject.org/wiki/Features/FirewalldRichLanguage#Handle_rich_rules_with_the_command_line_client

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.11' reject"

Check here (Under "Actions"):
http://fedoraproject.org/wiki/Features/FirewalldRichLanguage

Thanks very much, it seems simple enough.

Guy

Hello, see also Configuring Complex Firewall Rules with the "Rich Language" Syntax in the Red Hat Enterprise Linux Security Guide.

Just to add a side question... Can you add the IP or range to the "blocked" or "drop" firewalld zone? No, because interfaces are not active on those zones.

Great info, thanks for sharing!

I just added the following to the drop zone and it worked without any issue:

firewall-cmd --zone=drop --add-source=x.x.x.x/xx

Replace x.x.x.x with the IP; you can add the subnet under /xx.
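
Added example, not part of the original thread: a POSIX shell helper that validates an IPv4 address or CIDR before placing it into the two commands from the replies above, and prints each with `--permanent`, `--reload` and a query step so the block survives a reload or reboot and can be checked. The function names and the usage line are illustrative assumptions; the script only prints commands.

```shell
#!/bin/sh
# Added example: print firewalld commands that block one IPv4 source.
# Function names are illustrative; nothing is executed against the firewall.

# Return 0 only for a dotted-quad IPv4 address with an optional /0-32 prefix,
# so quotes or spaces can never reach the rich-rule string.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Rich-rule approach: the sender receives an ICMP rejection.
reject_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 source: $1" >&2; return 1; }
    rule="rule family='ipv4' source address='$1' reject"
    printf '%s\n' \
        "firewall-cmd --permanent --add-rich-rule=\"$rule\"" \
        "firewall-cmd --reload" \
        "firewall-cmd --query-rich-rule=\"$rule\""
}

# Drop-zone approach: packets from the source are discarded silently.
drop_cmds() {
    valid_ipv4 "$1" || { echo "invalid IPv4 source: $1" >&2; return 1; }
    printf '%s\n' \
        "firewall-cmd --permanent --zone=drop --add-source=$1" \
        "firewall-cmd --reload" \
        "firewall-cmd --zone=drop --query-source=$1"
}

# Usage (assumed): sh block.sh reject|drop ADDRESS[/PREFIX]
case ${1:-} in
    reject) reject_cmds "$2" ;;
    drop)   drop_cmds "$2" ;;
esac
```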
