firewalld stop outgoing traffic to a particular ip address


I don't like debugging firewall issues from a front-end and prefer to look at the actual rule sets with [sudo] iptables -L -v -n or [sudo] iptables-save.
I think that will show that your rich rule is still only applied to incoming connections, rather than outgoing.

To use firewalld for anything but incoming traffic is AFAIK rather difficult to achieve and you may have to resort to direct rules:

    sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 134.223.116.100/32 -j REJECT
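An added example, not part of the answer above, that applies its advice of reading the raw rule set instead of the front-end. It is a POSIX shell script that runs offline against a constructed `iptables-save` excerpt written to resemble what firewalld on CentOS 7 emits for the zone in the question; the chain names (`IN_public_deny`, `OUTPUT_direct`, `INPUT_ZONES`), the exact rule lines and the helper names (`chains_for_ip`, `blocks_outgoing`, `report`) are my assumptions, not output captured from the poster's server. It shows the rich rule sitting in an input-only chain, and the destination only counting as blocked for outgoing traffic once a rule like the one the `--direct` command creates appears under `OUTPUT`:

```shell
#!/bin/sh
# Added example (not from the original answer): check a raw iptables-save
# dump for whether a destination IP is blocked on the OUTGOING path.
# The rule set below is CONSTRUCTED to resemble what firewalld on CentOS 7
# generates for the zone in the question; chain names are an assumption.

DST_IP=134.223.116.100

# A rich rule "destination address=... drop" lands in IN_public_deny, a chain
# only reached from INPUT, so locally generated (outgoing) packets never see it.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:IN_public_deny - [0:0]
-A INPUT -j INPUT_ZONES
-A OUTPUT -j OUTPUT_direct
-A IN_public_deny -d 134.223.116.100/32 -j DROP
COMMIT'

# The same dump after
#   firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 134.223.116.100/32 -j REJECT
# (assumed rule text; firewalld hooks direct OUTPUT rules in via OUTPUT_direct)
WITH_DIRECT_RULE="$SAMPLE_RULES
-A OUTPUT_direct -d 134.223.116.100/32 -j REJECT --reject-with icmp-port-unreachable"

# Escape dots so the IP is matched literally inside a regex.
ip_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Print the chain(s) holding a rule that names the IP as destination.
# $1 = rule dump, $2 = IP
chains_for_ip() {
    printf '%s\n' "$1" | grep -F -- "-d $2/32" | awk '{print $2}'
}

# Exit 0 only if a DROP/REJECT for the IP sits in a chain traversed by
# locally generated packets (OUTPUT itself or OUTPUT_direct).
# $1 = rule dump, $2 = IP
blocks_outgoing() {
    ip=$(ip_regex "$2")
    printf '%s\n' "$1" \
        | grep -E -- "^-A (OUTPUT|OUTPUT_direct) .*-d $ip/32 .*-j (DROP|REJECT)" >/dev/null
}

# Human-readable summary for one dump.  $1 = label, $2 = rule dump
report() {
    echo "== $1"
    echo "rule(s) for $DST_IP found in chain: $(chains_for_ip "$2" "$DST_IP" | tr '\n' ' ')"
    if blocks_outgoing "$2" "$DST_IP"; then
        echo "outgoing traffic to $DST_IP IS blocked"
    else
        echo "outgoing traffic to $DST_IP is NOT blocked (rule is inbound-only)"
    fi
}

report "rich rule only" "$SAMPLE_RULES"
report "after --direct rule" "$WITH_DIRECT_RULE"
```

On a real host, replace the constructed `SAMPLE_RULES` with `$(sudo iptables-save)`; the same grep then tells you whether the rule you added actually sits on the path that `curl` from the box traverses.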

Author by leontp587

Updated on September 18, 2022

Comments

  • leontp587 almost 2 years

    I have CentOS 7. I'm trying to stop all outbound traffic from a server to a specific IP address, but firewalld is not blocking the traffic. Here's what I did:

    [root@server network-scripts]# firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: ens192
      sources:
      services: dhcpv6-client ssh
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
            rule family="ipv4" destination address="134.223.116.100" drop
    
    [root@server network-scripts]# firewall-cmd --get-active-zones
    public
      interfaces: ens192
    
    [root@server network-scripts]# firewall-cmd --state
    running
    

    But I can still curl to the IP address, so what is wrong?

    [root@server network-scripts]# curl 134.223.116.100
    <HTML><HEAD>
    <TITLE>Access Denied</TITLE>