How to block IP address using Dynamic Firewall Manager

Block IP addresses using firewall-cmd, the command-line client of the dynamic firewall manager (firewalld).

Use the drop zone to block a network subnet.

$ sudo firewall-cmd --zone=drop --add-source=192.168.0.0/16
success

Use the drop zone to block multiple IP addresses.

$ sudo firewall-cmd --zone=drop --add-source=172.16.0.2 --add-source=172.16.0.3
success

Display the dropped sources (addresses and subnets) and the zones they belong to.

$ sudo firewall-cmd --list-sources --zone drop
192.168.0.0/16 172.16.0.2 172.16.0.3
$ sudo firewall-cmd --get-active-zones 
drop
  sources: 192.168.0.0/16 172.16.0.2 172.16.0.3
external
  interfaces: eth0
internal
  interfaces: eth1

Make the runtime configuration permanent.

$ sudo firewall-cmd --runtime-to-permanent
success

Beware that this only blocks new connections: connections that were already established before the source was added are not dropped.
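As an added example, not part of the original post: a bash wrapper around the commands above that validates each source before handing it to firewall-cmd, skips sources already present in the drop zone (checked with --query-source), and finishes with --runtime-to-permanent. The DRY_RUN variable, the function names and the sample list are this example's own constructions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): block a list of IPv4 hosts or
# subnets in the firewalld "drop" zone, validating each entry, skipping ones
# already present, then persisting. DRY_RUN=1 prints the calls instead.

# Accept a bare IPv4 address or an IPv4 prefix such as 192.168.0.0/16.
valid_ipv4_source() {
  local src="$1" addr octet octets
  [[ "$src" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$ ]] || return 1
  addr="${src%%/*}"
  IFS=. read -r -a octets <<< "$addr"
  for octet in "${octets[@]}"; do
    (( 10#$octet <= 255 )) || return 1   # 10# avoids octal parsing of "08"
  done
  # Prefix length, when present, must be at most 32.
  [[ "$src" != */* ]] || (( 10#${src#*/} <= 32 ))
}

# Run firewall-cmd, or echo the invocation when DRY_RUN=1 for review.
fw() {
  if [[ "${DRY_RUN:-0}" == 1 ]]; then
    echo "firewall-cmd $*"
  else
    sudo firewall-cmd "$@"
  fi
}

# Add one source to the drop zone unless it is already listed there.
block_source() {
  local src="$1"
  valid_ipv4_source "$src" || { echo "skipping invalid source: $src" >&2; return 1; }
  if [[ "${DRY_RUN:-0}" != 1 ]] &&
     sudo firewall-cmd --zone=drop --query-source="$src" >/dev/null 2>&1; then
    echo "already blocked: $src"
    return 0
  fi
  fw --zone=drop --add-source="$src"
}

# Block every listed source, then make the runtime configuration permanent.
block_all() {
  local src
  for src in "$@"; do block_source "$src" || true; done
  fw --runtime-to-permanent
}

# Constructed sample list: the post's subnet and hosts plus one invalid entry.
DRY_RUN=1 block_all 192.168.0.0/16 172.16.0.2 172.16.0.3 300.1.1.1
```

Run it without DRY_RUN on a host with firewalld to apply the block list; the validation step keeps malformed entries out of the firewall-cmd invocation.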