I know I can use the below command to block a single ip:
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='115.239.228.12' reject"
but I need to block all ips starting from 115.239.x.x
I am having Cent os 7.
Thanks
Asked
Active
Viewed 9,524 times
4
ak111in
- 45
- 2
- 5
-
3I haven't used firewalld, but have you simply tried providing a cidr specification? `115.239.0.0/16`? – Zoredache Mar 20 '15 at 18:06
-
Sounds reasonable. It's the first thing I would try. – Michael Hampton Mar 20 '15 at 18:11
-
@Zoredache And [you are right](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#Using_the_Rich_Rule_Log_Command_Example_3) – Xavier Lucas Mar 20 '15 at 18:14
1 Answers
6
I am not a user of firewalld myself, but for most firewall implementations, particularly linux-based ones, whenever you see the option for a source or destination address you can simply provide a CIDR style network specification. So 115.239.0.0/16.
Zoredache
- 130,897
- 41
- 276
- 420