
So I'll try not to get into the details, but I'm having to use the "trusted" zone in firewalld (devs keep complaining it's firewalld blocking their software, and want me to turn the firewalls off).

I would like to block a single IP (the network gateway) in the trusted zone.

What I have done:

Add the subnet to the trusted zone:

sudo firewall-cmd --zone=trusted --permanent --add-source=192.168.0.0/16

Block the IP:

sudo firewall-cmd --zone=trusted --add-rich-rule 'rule family="ipv4" source address=192.168.0.1 reject'
sudo firewall-cmd --zone=trusted --add-rich-rule 'rule family="ipv4" source address=192.168.0.1 drop'

Block it everywhere, because it's still working:

sudo firewall-cmd --add-rich-rule 'rule family="ipv4" source address=192.168.0.1 reject'
sudo firewall-cmd --add-rich-rule 'rule family="ipv4" source address=192.168.0.1 drop'

Make the default zone drop:

sudo firewall-cmd --set-default-zone=drop

Reload:

sudo firewall-cmd --reload

And make sure it's all there:

sudo firewall-cmd --list-all-zones

I'm guessing the order of the iptables rules is the problem. Is there another way? Or am I missing something? I've even tried adding source and destination to the block.

sirmonkey

1 Answer


Are you sure your source address is the gateway? For example, depending on your setup, a host that is not your gateway connecting to your host would have its own IP address as the source even though it comes through your gateway. You can also try running tcpdump and monitoring what comes in when you test the configurations you are expecting to block, to see the true source address. Good luck.

ryorke
Thanks for the input! Yes, it was very confusing... running tcpdump/wireshark is helpful. I ended up using firewalld "direct" rules, and talking bossman into going about this a different way. – sirmonkey Jul 05 '17 at 17:17
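The following is an added example, not code from the question, the answer or the firewalld project, that puts the sequence from the question and the "direct" rules mentioned in the comment into one script. Two things differ from the question: every change is made with --permanent, because firewall-cmd --reload rebuilds the runtime configuration from the permanent one and silently discards rules that were only added at runtime; and the rich rule carries priority="-10", which needs firewalld 0.7 or newer and orders it ahead of the zone's other rules. The subnet, host and zone names are the placeholders from the question, and the FIREWALL_CMD variable is this script's own convention so the command sequence can be dry-run against a stub instead of a live firewall.

```shell
#!/bin/sh
# Added example: drop one host (the gateway) while the rest of its /16 stays
# in the "trusted" zone. Assumes firewalld (0.7+ for rich-rule priority),
# firewall-cmd on PATH and root privileges when applied for real.
# FIREWALL_CMD is a local convention (not a firewalld feature): point it at a
# stub function to print the commands instead of running them.

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# Every change goes in with --permanent: "firewall-cmd --reload" rebuilds the
# runtime configuration from the permanent one, so runtime-only rules vanish.
fw() {
    "$FIREWALL_CMD" --permanent "$@"
}

# Variant 1: keep the subnet in the trusted zone but drop the single host with
# a rich rule. priority="-10" (firewalld >= 0.7) runs it before the zone's
# other rules, so nothing in the zone can accept the host's packets first.
block_host_rich() {
    zone=$1; subnet=$2; host=$3
    fw --zone="$zone" --add-source="$subnet"
    fw --zone="$zone" --add-rich-rule="rule priority=\"-10\" family=\"ipv4\" source address=\"$host\" drop"
}

# Variant 2 (what the asker ended up using): a direct rule. With the iptables
# backend, INPUT jumps to INPUT_direct before any zone chain, so this matches
# regardless of which zone the source lands in or what the zone's target is.
block_host_direct() {
    host=$1
    fw --direct --add-rule ipv4 filter INPUT 0 -s "$host" -j DROP
}

# Make the permanent configuration live, then list what is actually active.
apply_and_show() {
    zone=$1
    "$FIREWALL_CMD" --reload
    "$FIREWALL_CMD" --zone="$zone" --list-rich-rules
    "$FIREWALL_CMD" --direct --get-all-rules
}

# The answer's check: confirm on the wire that the traffic you want blocked
# really carries this source address before blaming rule order.
watch_host() {
    host=$1; iface=${2:-any}
    tcpdump -ni "$iface" "src host $host"
}

# Usage: ./block-gateway.sh trusted 192.168.0.0/16 192.168.0.1
if [ $# -ge 3 ]; then
    block_host_rich "$1" "$2" "$3"
    block_host_direct "$3"
    apply_and_show "$1"
fi
```

To dry-run without touching the firewall, define a stub and export it as FIREWALL_CMD before sourcing the script (for example `fake_fw() { printf '%s\n' "$*"; }; FIREWALL_CMD=fake_fw`); each function then prints the exact argument list it would hand to firewall-cmd. After a real run, `--list-rich-rules` and `--direct --get-all-rules` are the checks worth reading: if the drop rule is absent there, it was never in the permanent configuration and the reload removed it.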