I would like to blackhole certain netblocks in IPv4 and IPv6 using the standard routing table. Does firewalld have support for doing this?
On Sun, Oct 13, 2019 at 04:13:21PM -0700, Stephen Satchell wrote:
> I would like to blackhole certain netblocks in IPv4 and IPv6 using the standard routing table. Does firewalld have support for doing this?
It's not exactly the same thing, but you can add any block of IPs to the "drop" zone.
# firewall-cmd --zone=drop --add-source=<cidr>
However, firewalld does not yet support forward filtering. So this will only affect traffic destined to or originating from the host.
Of course, you could always use a --direct rule to get forward filtering.
Hope that helps. Eric.
firewalld-users@lists.fedorahosted.org
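As an added example (not part of Eric's reply and not firewalld project code), here is a small POSIX shell helper that builds the two pieces the reply describes for a list of netblocks: the `--zone=drop --add-source` call for traffic to or from the host, and the `--direct` rules in the `FORWARD` chain for routed traffic. It only prints the `firewall-cmd` invocations so they can be reviewed first; the function names and the sample netblocks (`198.51.100.0/24` and `2001:db8:bad::/48`, documentation ranges) are constructed for this example.

```shell
#!/bin/sh
# Added example: generate firewall-cmd invocations that block a netblock both
# for host-bound traffic (drop zone) and for forwarded traffic (--direct rules
# in the FORWARD chain). Nothing is executed; the output is meant to be
# reviewed and then piped into sh on the firewall host.

# Classify a CIDR as ipv4 or ipv6 from its syntax (the family keyword that
# --direct expects). Returns 1 if the argument does not look like a CIDR.
addr_family() {
    case "$1" in
        *:*/*)     echo ipv6 ;;
        *.*.*.*/*) echo ipv4 ;;
        *)         return 1 ;;
    esac
}

# Print the commands for one netblock.
#   $1 = CIDR, $2 = "runtime" (default) or "permanent"
blackhole_cmds() {
    fam=$(addr_family "$1") || { echo "not a CIDR: $1" >&2; return 1; }
    perm=""
    if [ "${2:-runtime}" = permanent ]; then
        perm=" --permanent"
    fi
    # Host-bound traffic: put the source in the built-in "drop" zone.
    echo "firewall-cmd${perm} --zone=drop --add-source=$1"
    # Forwarded traffic: firewalld's zones do not filter FORWARD, so use
    # --direct rules (iptables/ip6tables syntax) in both directions.
    echo "firewall-cmd${perm} --direct --add-rule $fam filter FORWARD 0 -s $1 -j DROP"
    echo "firewall-cmd${perm} --direct --add-rule $fam filter FORWARD 0 -d $1 -j DROP"
}

# Print runtime and permanent commands for every netblock given.
blackhole_all() {
    for cidr in "$@"; do
        blackhole_cmds "$cidr" runtime || return 1
        blackhole_cmds "$cidr" permanent || return 1
    done
}

# Constructed sample netblocks (documentation ranges); review the output,
# then run it with:  blackhole_all ... | sh
blackhole_all 198.51.100.0/24 2001:db8:bad::/48
```

Both the runtime and the `--permanent` form are emitted so the block survives a reload; after applying them, `firewall-cmd --zone=drop --list-sources` and `firewall-cmd --direct --get-all-rules` show what is in effect.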