drop ip blacklist with firewalld centos 7 [closed]

Solution 1:

The best way to manage firewall rules with large numbers of IP addresses remains with ipset.

Then create a set of IP addresses:

ipset create blacklist hash:ip hashsize 4096

and add each of the IP addresses you need to block:

ipset add blacklist 192.168.0.5
ipset add blacklist 192.168.0.100
ipset add blacklist 192.168.0.220

AFAIK firewalld does not yet have an API method for adding the required iptables rule that works on the match module, so you're going to end up doing something slightly ugly like this, I think:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m set --match-set blacklist src -j DROP

instead of the usual iptables -I INPUT -m set --match-set blacklist src -j DROP that you would have used without firewalld.
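The same approach as a small POSIX sh helper, added here as an example and not part of the answer above: it validates a list of IPv4 addresses, emits a single "ipset restore" batch (one kernel call instead of one "ipset add" per address, with "-exist" so re-running it is harmless) and prints the firewall-cmd direct rule for both the runtime and the permanent configuration. The set name "blacklist", the hash size and the input file format (one address per line, "#" comments allowed) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original answer. Builds an `ipset restore`
# batch from an address list and prints the matching firewalld direct rules.
# SET_NAME and the hashsize are assumed values, chosen to match the answer.
SET_NAME="blacklist"

# Returns 0 when $1 is a syntactically valid dotted-quad IPv4 address
# (exactly four numeric octets, each 0-255), 1 otherwise. Keeps typos and
# junk lines out of the set instead of letting ipset reject the whole batch.
is_ipv4() {
    oldifs=$IFS; IFS=.
    set -f            # no glob expansion while splitting on dots
    set -- $1
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Reads addresses from stdin (one per line, '#' comments and blank lines
# ignored) and prints an `ipset restore` batch: create the set if missing,
# then one add per unique valid address. Invalid lines go to stderr and are
# skipped; awk de-duplicates while keeping the create line first.
build_ipset_batch() {
    {
        echo "create $SET_NAME hash:ip hashsize 4096 -exist"
        while IFS= read -r line; do
            addr=${line%%#*}                              # drop comments
            addr=$(printf '%s' "$addr" | tr -d '[:space:]')
            [ -n "$addr" ] || continue
            if is_ipv4 "$addr"; then
                echo "add $SET_NAME $addr -exist"
            else
                echo "skipping invalid address: $line" >&2
            fi
        done
    } | awk '!seen[$0]++'
}

# Prints the direct rule from the answer twice: once for the running
# configuration and once with --permanent so it survives a firewalld reload.
# Position 0 inserts it at the top of the INPUT chain.
firewalld_rules() {
    rule="ipv4 filter INPUT 0 -m set --match-set $SET_NAME src -j DROP"
    echo "firewall-cmd --direct --add-rule $rule"
    echo "firewall-cmd --permanent --direct --add-rule $rule"
}

# Usage:  sh blacklist.sh addresses.txt | sudo ipset restore
#         sh blacklist.sh --rules | sudo sh
# With no argument the script only defines the functions.
case "${1:-}" in
    --rules) firewalld_rules ;;
    ?*)      build_ipset_batch < "$1" ;;
esac
```

One caveat worth keeping in mind: firewalld persists the direct rule but not the set it references, so after a reboot the rule fails to load unless the set is restored first (for example by the ipset-service package on CentOS 7, or an "ipset restore" step ordered before firewalld starts). Feeding the set through "ipset restore" with "-exist" also means the same list file can be re-applied after each edit without errors for addresses that are already present.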