On Wed, Sep 23, 2020 at 08:36:12PM +0000, Jason Long wrote:
Thank you.
What is you mean about "ipset" ?
ipset is a firewall related ulitity.
Can you show me an example?Â
The example I gave is sufficient. The country.txt should be a file of IP
addresses and masks in CIDR notation - one per line. This is a common
format for "country block" lists. You can find them on various websites.
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver
<egarver(a)redhat.com> wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
> Hello,
> How can I find the IP range of countries and how can I block countries by IP
address?
IP ranges are available online in "ipset" format. This can be used by
firewalld. Adding the ipset as a "source" to the blocked zone is
sufficient.
 # firewall-cmd --permanent --new-ipset blocked_countries
 # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file
/path/to/file/country.txt
 # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries
 # firewall-cmd --reload
> Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The
iptables extension is called "osf", i.e. operating system
fingerprinting.
_______________________________________________
firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...