How to block incoming and outgoing connections with IP?
by Patrick Hinkley
Given an IP address, how can I prevent any connection both to and from that IP? If there are multiple methods, please describe the pros and cons of each.
I've found a lot of contradictory and confusing information about this online and in the documentation.
Thanks for any help!
8 years, 7 months
Adding missing icmp-types
by Wallace Tan
Hi,
How do we add the missing icmptypes in firewalld?
For example: timestamp-reply and timestamp-request
# firewall-cmd --get-icmptypes
destination-unreachable echo-reply echo-request parameter-problem redirect
router-advertisement router-solicitation source-quench time-exceeded
# ls -l /usr/lib/firewalld/icmptypes/
total 36
-rw-r-----. 1 root root 222 Jun 10 2014 destination-unreachable.xml
-rw-r-----. 1 root root 173 Jun 10 2014 echo-reply.xml
-rw-r-----. 1 root root 210 Jun 10 2014 echo-request.xml
-rw-r-----. 1 root root 225 Jun 10 2014 parameter-problem.xml
-rw-r-----. 1 root root 185 Jun 10 2014 redirect.xml
-rw-r-----. 1 root root 227 Jun 10 2014 router-advertisement.xml
-rw-r-----. 1 root root 223 Jun 10 2014 router-solicitation.xml
-rw-r-----. 1 root root 248 Jun 10 2014 source-quench.xml
-rw-r-----. 1 root root 253 Jun 10 2014 time-exceeded.xml
Thanks,
Wallace
8 years, 10 months
FirewallD and VLANs
by Jonathan Ramirez
Hello all.
I have to admit that it's been a bit difficult for me to see the whole
picture of how FirewallD works, so I need a little bit of help figuring
out some things.
For example: I'm configuring a WAN/LAN gateway and I'm working with
VLANs as well. For this, I'm using the External zone for WAN and
Internal zone for LAN/VLAN. So far we're good, but I can't find a way
to make exceptions without using the --direct option.
In short, I have:
VLAN99=192.168.99.0/24
VLAN100=192.168.100.0/24
VLAN200=192.168.200.0/24
I want to make VLAN100 and VLAN200 have access to VLAN99 and vice versa
but VLAN100 does not have access to VLAN200 and vice versa.
I tried this rich rule and got errors:
firewall-cmd --zone=internal --add-rich-rule='rule family="ipv4" source address="192.168.100.0/24" destination address="192.168.200.0/24" reject'
Error: INVALID_RULE: destination action
I appreciate any suggestions you can give me to sort this out.
--
Cheers,
Jonathan.
9 years
firewalld git repo migrated to github
by Thomas Woerner
Hello,
the git repo of firewalld has been migrated over to github.
There are two main reasons for this move:
- Better tools at github.
- Get more people involved in firewalld development by making it
independent of fedorahosted.
Here is the new location: https://github.com/t-woerner/firewalld
The old git repo at fedorahosted will stay for some time but there will
be no further change in this repo.
The mailing lists will still be located at fedorahosted, as github does
not provide mailing lists. If you have a good (and independent?)
location for the mailing lists, then please let me know and we can talk
and think about it.
Regards,
Thomas
9 years