List:       firewalld-users
Subject:    Re: Routing table manipulations?
From:       Eric Garver <egarver () redhat ! com>
Date:       2019-10-14 12:48:33
Message-ID: 20191014124833.hf4qpkgdtrc5a3p4 () egarver ! localdomain

On Sun, Oct 13, 2019 at 04:13:21PM -0700, Stephen Satchell wrote:
> I would like to blackhole certain netblocks in IPv4 and IPv6 using the
> standard routing table.  Does firewalld have support for doing this?

It's not exactly the same thing, but you can add any block of IPs to the
"drop" zone.

    # firewall-cmd --zone=drop --add-source=<cidr>

However, firewalld does not yet support forward filtering. So this will
only affect traffic destined to or originating from the host.

Of course, you could always use a --direct rule to get forward
filtering.

Hope that helps.
Eric.
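
The two options from the reply above, as an added example that is not part of the original message: a shell function that prints the drop-zone command and a matching --direct FORWARD rule for each IPv4 or IPv6 netblock. The function names, the use of --permanent with --reload, and the sample netblocks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print firewall-cmd commands that drop a list of netblocks.
# Commands are printed for review, not executed; run them as root to apply.

# Classify a netblock as ipv4 or ipv6. This is a loose syntax check only
# (firewall-cmd does the real validation), but it rejects any character
# outside address syntax so shell metacharacters never reach the output.
# A prefix length ("/NN") is required.
cidr_family() {
    case "$1" in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;
        *:*/*)     echo ipv6 ;;
        *.*.*.*/*) echo ipv4 ;;
        *)         return 1 ;;
    esac
}

# gen_drop_cmds CIDR...
# Returns non-zero if any netblock was skipped.
gen_drop_cmds() {
    rc=0
    for cidr in "$@"; do
        if ! fam=$(cidr_family "$cidr"); then
            echo "skipping invalid netblock: $cidr" >&2
            rc=1
            continue
        fi
        # Traffic to or from the host itself: bind the source to the drop zone.
        echo "firewall-cmd --permanent --zone=drop --add-source=$cidr"
        # Forwarded traffic: direct rule in the FORWARD chain of the matching family.
        echo "firewall-cmd --permanent --direct --add-rule $fam filter FORWARD 0 -s $cidr -j DROP"
    done
    # Permanent changes take effect only after a reload.
    echo "firewall-cmd --reload"
    return $rc
}

# Constructed sample input (documentation address ranges).
gen_drop_cmds 192.0.2.0/24 2001:db8::/32
```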