firewalld

Differences

firewalld [2019/10/22 09:12] – [Direct rules] adminfirewalld [2020/05/17 08:47] (current) – [IPSET] dani
Line 377: Line 377:
  
 =====IPSET===== =====IPSET=====
 +**Very important:** This procedure does not work with ''firewalld'' and ''nftables'' backend!
 +
 To setup a blacklist using ipset, you have to follow this example: To setup a blacklist using ipset, you have to follow this example:
  
   - If you want to add first an old (active) ''ipset'' rule, do following:<code bash>   - If you want to add first an old (active) ''ipset'' rule, do following:<code bash>
-ipset save blockednets > blockednets.ipset +ipset save blockednets > ipsetsavelist.ipset 
-sed -e 's/^add blockednets //' blockednets.ipset | grep -Ev '^create'blockednets+sed -e 's/^add blockednets //' ipsetsavelist.ipset | grep -Ev '^create'list
 </code> </code>
   - Create the 'hash:net' ipset hash:<code bash>   - Create the 'hash:net' ipset hash:<code bash>
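Review bot: In the rewritten second command of step 1, the output file name is glued to the grep pattern (`grep -Ev '^create'list`), so the shell would build the pattern `^createlist` and nothing would be written to a file; the redirection between the pattern and the target (`grep -Ev '^create' > list`) appears to have been lost, and the same applies to the old `blockednets` form on the left side. Worth restoring the `>` so the saved entries actually end up in `list`, and adding a sentence on what `list` is for in the following steps, since after this change the file name no longer matches the ipset name used later. The new "Very important" warning would also help readers more if it said what to do on a system where firewalld uses the nftables backend (for example, pointing at the backend setting in firewalld.conf) rather than only that the procedure does not work.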
Line 391: Line 393:
   - Optionally add additional networks:<code bash>   - Optionally add additional networks:<code bash>
 firewall-cmd --permanent --ipset=blockednets --add-entry=119.6.204.0/24 firewall-cmd --permanent --ipset=blockednets --add-entry=119.6.204.0/24
-</code> 
-  - Optionally check the ipset list:<code bash> 
-firewall-cmd --ipset=blockednets --get-entries 
 </code> </code>
   - Shows the permanent entries in a ipset:<code bash>   - Shows the permanent entries in a ipset:<code bash>
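Review bot: Dropping the "Optionally check the ipset list" step removes the only runtime check in the procedure; the surrounding steps use `--permanent`, and entries added that way are not active until the configuration is reloaded, so a plain `firewall-cmd --ipset=blockednets --get-entries` (without `--permanent`) is exactly what shows whether the blacklist is actually in effect. Suggest keeping that step next to the permanent-entries check rather than deleting it.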
  • Last modified: 2019/10/22 09:12
  • by admin