
I have searched a lot about this. It is possible to have many of these commands, one for each IP:

/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.185.0.0/112 -j REJECT
/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.198.0.0/115 -j REJECT
/usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.198.48.0/116 -j REJECT
...

But since I have more than 3 thousand of these, it takes forever to add them after each reboot and it's a real pain; also my server froze completely and I had to reboot it by force!

So that's not a great idea!

Searching more, I found that I can use --add-entries-from-file, but I still couldn't find a way to do that for only outgoing and not also incoming!

firewall-cmd --permanent --ipset=blacklist --add-entries-from-file=./cn.zone
firewall-cmd --permanent --zone=drop --add-source=ipset:blacklist
firewall-cmd --reload

I want my IP list to be blocked only for outgoing, not incoming. I also have a list of IPv6 addresses as well as IPv4 which I'd like to block as well.

Steve Moretz
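An added example of the ipset-based approach from the question applied to outgoing traffic only, for both address families; it is not the poster's code and not taken from firewalld's documentation. It builds one hash:net ipset per family, loads it with --add-entries-from-file, and attaches a single direct rule to the OUTPUT chain per family, so the list becomes one hash lookup instead of thousands of individual rules. The firewall-cmd options (--new-ipset, --type=hash:net, --option=family=inet6, --add-entries-from-file, --direct --add-rule) and the iptables set match (-m set --match-set NAME dst) are real options; the set names egress_v4/egress_v6, the /tmp paths and the sample zone file are assumptions made for the example. FIREWALL_CMD defaults to echo so the generated commands can be reviewed first; set FIREWALL_CMD=firewall-cmd to apply them.

```shell
#!/bin/sh
# Added example (not from the question): block OUTBOUND traffic to a mixed
# IPv4/IPv6 CIDR list with firewalld, using two ipsets and one direct rule
# per family instead of thousands of individual --direct rules.
# FIREWALL_CMD defaults to 'echo' so the generated commands can be reviewed
# without root or a running firewalld; set FIREWALL_CMD=firewall-cmd to apply.

FIREWALL_CMD="${FIREWALL_CMD:-echo}"

# classify_cidr <entry>: prints 4 for an IPv4 CIDR, 6 for IPv6, nothing otherwise.
# Always returns 0 so it is safe to use inside a case word under 'set -e'.
classify_cidr() {
  case "$1" in
    *:*) printf '6' ;;
    *.*) printf '4' ;;
  esac
  return 0
}

# split_list <mixed-file> <out-v4> <out-v6>: strips comments and blank lines
# and sorts each remaining entry into the IPv4 or IPv6 output file.
split_list() {
  : > "$2"
  : > "$3"
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%%#*}"                                  # drop trailing comment
    line="$(printf '%s' "$line" | tr -d '[:space:]')"   # drop whitespace
    case "$(classify_cidr "$line")" in
      4) printf '%s\n' "$line" >> "$2" ;;
      6) printf '%s\n' "$line" >> "$3" ;;
      *) ;;                                             # blank or malformed: skip
    esac
  done < "$1"
}

# install_egress_block <set-name> <4|6> <entries-file>: creates a permanent
# hash:net ipset for the family, loads it from the file, and adds a single
# direct OUTPUT rule that REJECTs packets whose destination is in the set.
# The INPUT chain is untouched, so inbound traffic is not affected.
install_egress_block() {
  name="$1"; fam="$2"; file="$3"
  if [ "$fam" = 6 ]; then
    ipv=ipv6; family_opt="--option=family=inet6"
  else
    ipv=ipv4; family_opt=""
  fi
  # family_opt is intentionally unquoted so an empty value adds no argument
  "$FIREWALL_CMD" --permanent --new-ipset="$name" --type=hash:net $family_opt
  "$FIREWALL_CMD" --permanent --ipset="$name" --add-entries-from-file="$file"
  "$FIREWALL_CMD" --permanent --direct --add-rule "$ipv" filter OUTPUT 0 \
      -m set --match-set "$name" dst -j REJECT
}

# Usage: ./egress-block.sh mixed.zone   (set names and /tmp paths are assumptions)
if [ $# -ge 1 ]; then
  split_list "$1" /tmp/egress-v4.zone /tmp/egress-v6.zone
  install_egress_block egress_v4 4 /tmp/egress-v4.zone
  install_egress_block egress_v6 6 /tmp/egress-v6.zone
  "$FIREWALL_CMD" --reload
fi
```

Because the direct rules only reference the OUTPUT chain, connections initiated from the listed ranges are not blocked by these rules; add a matching INPUT rule if that is wanted later. After a real run, `firewall-cmd --ipset=egress_v4 --get-entries` and `firewall-cmd --direct --get-all-rules` show what was loaded, and the permanent configuration survives reboots without re-adding anything.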

0 Answers