Hello,
On 12/15/2012 01:13 AM, Ranjith Rajaram wrote:
> Hello,
>
> This is the default firewalld configuration
>
> [root@localhost ~]# firewall-cmd --list-all
> public
> interfaces: eth0
> services: mdns dhcpv6-client ssh
> ports:
> forward-ports:
> icmp-blocks:
>
> I initiate a ping from another box to a Fedora 18 beta.
> Ping is successful. While ping is active, I modify the firewalld to block
> icmp
>
> [root@localhost ~]# firewall-cmd --list-all
> public
> interfaces: eth0
> services: mdns dhcpv6-client ssh
> ports:
> forward-ports:
> icmp-blocks: echo-reply echo-request
>
> I go back and check the terminal from where I initiated the ping. I
> could see ping is still successful. I expect to see it fail.
>
> So I stop the ping process and then restart it. Now I see ping fails
> with the "Destination Host Prohibited" message which is expected.
>
> When you compare it with old static firewall, the moment you add a
> similar rule, icmp request is stopped
>
> iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP

Active connections are not affected by firewall changes, but new
connections are. It is currently not possible to stop active connections
with firewalld. Support for conntrack control needs to be added to be
able to do this.

> How do you stop/block an existing active connection using firewalld?
>
> Is there a way, you can block a specific ip address [I do not see any
> option to block]

I am working on adding support to limit zones, services, etc. for
addresses and address ranges.

> Best regards
> Ranjith
>
> PS: learning firewalld using
> https://fedoraproject.org/wiki/FirewallD.

Thanks,
Thomas
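
The behaviour described in the reply above, as an added example that is not part of the original thread or of firewalld's code: a simplified Python model in which tracked flows are accepted before the zone's icmp-blocks are consulted, so a running ping survives the change and a restarted one does not. The class, function names and addresses are assumptions made for illustration.

```python
# Simplified model (an assumption, not firewalld source): the input chain accepts
# packets of tracked flows first, and only NEW packets reach the icmp-block rule.
from dataclasses import dataclass, field

@dataclass
class Firewall:
    icmp_blocks: set = field(default_factory=set)   # e.g. {"echo-request"}
    conntrack: set = field(default_factory=set)     # tracked (src, dst, icmp_id)

    def handle_echo_request(self, src, dst, icmp_id):
        flow = (src, dst, icmp_id)
        # Rule 1: ESTABLISHED/RELATED traffic is accepted before zone rules.
        if flow in self.conntrack:
            return "ACCEPT (established)"
        # Rule 2: a NEW packet is checked against the zone's icmp-blocks.
        if "echo-request" in self.icmp_blocks:
            return "REJECT (host prohibited)"
        # Rule 3: otherwise accept and start tracking the flow.
        self.conntrack.add(flow)
        return "ACCEPT (new)"

    def delete_flows_from(self, src):
        # Models removing state entries, as `conntrack -D -s <addr>` from
        # conntrack-tools does on a real host; returns the number removed.
        stale = {f for f in self.conntrack if f[0] == src}
        self.conntrack -= stale
        return len(stale)

def replay():
    fw = Firewall()
    client, server = "192.0.2.10", "192.0.2.1"      # constructed documentation addresses
    out = []
    out.append(fw.handle_echo_request(client, server, icmp_id=100))  # first ping starts
    fw.icmp_blocks |= {"echo-request", "echo-reply"}                 # block added at runtime
    out.append(fw.handle_echo_request(client, server, icmp_id=100))  # same ping keeps going
    out.append(fw.handle_echo_request(client, server, icmp_id=200))  # restarted ping, new id
    fw.delete_flows_from(client)                                     # drop tracked state
    out.append(fw.handle_echo_request(client, server, icmp_id=100))  # old ping now blocked
    return out

if __name__ == "__main__":
    for line in replay():
        print(line)
```

A restarted ping uses a new ICMP identifier, so it has no tracked entry and is evaluated as a new connection, which matches the "Destination Host Prohibited" result reported in the thread.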