firewalld stop outgoing traffic to a particular ip address
I don't like debugging firewall issues from a front-end and prefer to look at the actual rule sets with [sudo] iptables -L -v -n or [sudo] iptables-save.
I think that will show that your rich rule is still only applied to incoming connections, rather than outgoing.
To use firewalld for anything but incoming traffic is AFAIK rather difficult to achieve, and you may have to resort to direct rules:
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 134.223.116.100/32 -j REJECT
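The rule-set check the answer recommends, as an added example that is not part of the original answer: it walks iptables-save output and reports which chains reachable from INPUT or OUTPUT actually hold a DROP/REJECT for the destination. The two rule sets are constructed samples, and the chain names IN_public_deny and OUTPUT_direct are assumptions based on firewalld's iptables backend.

```shell
#!/bin/sh
# Prints each filter-table chain reachable from built-in chain $1 that holds a
# DROP/REJECT rule for destination $2; reads iptables-save text on stdin.
# Match options other than -d are ignored, so reachability is over-approximated.
# On a live host: sudo iptables-save | blocking_chains OUTPUT 134.223.116.100
blocking_chains() {
    awk -v start="$1" -v dest="$2" '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == "-A" {
        chain = $2; target = ""; d = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j" || $i == "-g") target = $(i + 1)
            if ($i == "-d") d = $(i + 1)
        }
        sub(/\/32$/, "", d)
        if (target == "DROP" || target == "REJECT") {
            if (d == dest) block[chain] = 1
        } else if (target != "" && (d == "" || d == dest)) {
            jump[chain] = jump[chain] " " target
        }
    }
    END {
        queue[1] = start; n = 1; seen[start] = 1
        for (q = 1; q <= n; q++) {
            c = queue[q]
            if (c in block) print c
            m = split(jump[c], t, " ")
            for (k = 1; k <= m; k++)
                if (!(t[k] in seen)) { seen[t[k]] = 1; queue[++n] = t[k] }
        }
    }'
}

# Constructed sample (not captured from the poster's host): rich rule only.
# Chain names are assumed from firewalld's iptables backend.
RICH_ONLY='*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j INPUT_ZONES
-A INPUT_ZONES -i ens192 -g IN_public
-A IN_public -j IN_public_deny
-A IN_public_deny -d 134.223.116.100/32 -j DROP
-A OUTPUT -j OUTPUT_direct
COMMIT'
# Constructed sample: the same rule set after the direct OUTPUT rule is added.
WITH_DIRECT="${RICH_ONLY%COMMIT}-A OUTPUT_direct -d 134.223.116.100/32 -j REJECT --reject-with icmp-port-unreachable
COMMIT"
echo "rich rule only, OUTPUT: [$(printf '%s\n' "$RICH_ONLY" | blocking_chains OUTPUT 134.223.116.100)]"
echo "with direct rule, OUTPUT: [$(printf '%s\n' "$WITH_DIRECT" | blocking_chains OUTPUT 134.223.116.100)]"
```

An empty result for OUTPUT means nothing on the outbound path rejects the address, which matches the curl still succeeding in the question.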
Author by
leontp587
Updated on September 18, 2022
leontp587 almost 2 years
I have CentOS 7. I'm trying to stop all outbound traffic from a server to a specific IP address, but firewalld is not blocking the traffic. Here's what I did:
[root@server network-scripts]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" destination address="134.223.116.100" drop
[root@server network-scripts]# firewall-cmd --get-active-zones
public
  interfaces: ens192
[root@server network-scripts]# firewall-cmd --state
running
But I can still curl to the IP address, so what is wrong?
[root@server network-scripts]# curl 134.223.116.100
<HTML><HEAD>
<TITLE>Access Denied</TITLE>