Hello,
This is the default firewalld configuration:
[root@localhost ~]# firewall-cmd --list-all
public
  interfaces: eth0
  services: mdns dhcpv6-client ssh
  ports:
  forward-ports:
  icmp-blocks:
I initiate a ping from another box to a Fedora 18 beta.
Ping is successful. While ping is active, I modify the firewalld to block icmp
[root@localhost ~]# firewall-cmd --list-all
public
  interfaces: eth0
  services: mdns dhcpv6-client ssh
  ports:
  forward-ports:
  icmp-blocks: echo-reply echo-request
I go back and check the terminal from where I initiated the ping. I could see ping is still successful. I expect to see it fail.
So I stop the ping process and then restart it. Now I see ping fails with the "Destination Host Prohibited" message, which is expected.
When you compare it with the old static firewall, the moment you add a similar rule, the icmp request is stopped:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
How do you stop/block an existing active connection using firewalld?
Is there a way you can block a specific IP address? [I do not see any option to block]
Best regards,
Ranjith
PS: learning firewalld using https://fedoraproject.org/wiki/FirewallD.