Firewalld how to deny IP with service httpd https open to world

Comments

On our public apache servers, RHEL 7.5 we have http https service open:

services: http https
But I need to block a couple IP's and can't seem to find a way.

I have added several rules:
le family="ipv4" source address="206.162.242.188" reject
rule family="ipv4" source address="206.162.241.8" reject
rule family="ipv4" source address="206.162.242.188" port port="80" protocol="tcp" reject
rule family="ipv4" source address="206.162.242.188" port port="443" protocol="tcp" reject
rule family="ipv4" source address="206.162.241.8" port port="443" protocol="tcp" reject
rule family="ipv4" source address="206.162.241.8" port port="80" protocol="tcp" reject

But they done seem to have any effect. Also added the IP's to drop zone, as I read elsewhere should do it.
drop (active)
target: DROP
icmp-block-inversion: no
interfaces:
sources: 206.162.241.8 206.162.242.188
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
But still they are getting through. Can I even to what I want to do at this level?

Thanks
Mitch

Started 2019-02-25T15:32:09+00:00 by

Mitchell Baker

Community Member 47 points

Select Your Language

Firewalld how to deny IP with service httpd https open to world

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links