Hello,
This is the default firewalld configuration
[root@localhost ~]# firewall-cmd --list-all
public
  interfaces: eth0
  services: mdns dhcpv6-client ssh
  ports:
  forward-ports:
  icmp-blocks:
I initiate a ping from another box to a Fedora 18 beta.
Ping is successful. While the ping is active, I modify firewalld to block ICMP:
[root@localhost ~]# firewall-cmd --list-all
public
  interfaces: eth0
  services: mdns dhcpv6-client ssh
  ports:
  forward-ports:
  icmp-blocks: echo-reply echo-request
I go back and check the terminal from where I initiated the ping. I can see the ping is still successful. I expect to see it fail.
So I stop the ping process and then restart it. Now I see the ping fails with the "Destination Host Prohibited" message, which is expected.
When you compare it with the old static firewall, the moment you add a similar rule, the ICMP request is stopped:
iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
How do you stop/block an existing active connection using firewalld?
Is there a way you can block a specific IP address? [I do not see any option to block one]
Best regards,
Ranjith
PS: learning firewalld using https://fedoraproject.org/wiki/FirewallD.
Hello,
On 12/15/2012 01:13 AM, Ranjith Rajaram wrote:
> Hello,
> This is the default firewalld configuration
> [root@localhost ~]# firewall-cmd --list-all
> public
>   interfaces: eth0
>   services: mdns dhcpv6-client ssh
>   ports:
>   forward-ports:
>   icmp-blocks:
> I initiate a ping from another box to a Fedora 18 beta.
> Ping is successful. While the ping is active, I modify firewalld to block ICMP:
> [root@localhost ~]# firewall-cmd --list-all
> public
>   interfaces: eth0
>   services: mdns dhcpv6-client ssh
>   ports:
>   forward-ports:
>   icmp-blocks: echo-reply echo-request
> I go back and check the terminal from where I initiated the ping. I can see the ping is still successful. I expect to see it fail.
> So I stop the ping process and then restart it. Now I see the ping fails with the "Destination Host Prohibited" message, which is expected.
> When you compare it with the old static firewall, the moment you add a similar rule, the ICMP request is stopped:
> iptables -A OUTPUT -p icmp --icmp-type echo-request -j DROP
Active connections are not affected by firewall changes, but new connections are. It is currently not possible to stop active connections with firewalld. Support for conntrack control needs to be added to be able to do this.
> How do you stop/block an existing active connection using firewalld?
> Is there a way you can block a specific IP address? [I do not see any option to block one]
I am working on adding support to limit zones, services, etc. to addresses and address ranges.
> Best regards,
> Ranjith
> PS: learning firewalld using https://fedoraproject.org/wiki/FirewallD.
> firewalld-users mailing list
> firewalld-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/firewalld-users
Thanks,
Thomas
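The behaviour discussed in this thread, as an added model that is not code from the thread or from firewalld: a toy conntrack table and INPUT chain in which, as assumed here about firewalld's ruleset, the RELATED,ESTABLISHED accept is evaluated before the zone chain that implements icmp-blocks, contrasted with the stateless iptables OUTPUT rule quoted above. The addresses and the Packet/Conntrack/FirewalldInput names are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    icmp_type: str          # "echo-request" or "echo-reply"

@dataclass
class Conntrack:
    """Toy conntrack table: an ICMP echo flow is tracked by its endpoint pair."""
    flows: set = field(default_factory=set)
    def state(self, pkt):
        return "ESTABLISHED" if frozenset((pkt.src, pkt.dst)) in self.flows else "NEW"
    def track(self, pkt):
        self.flows.add(frozenset((pkt.src, pkt.dst)))
    def flush(self):        # the conntrack control the reply says firewalld lacks
        self.flows.clear()

@dataclass
class FirewalldInput:
    """INPUT chain of the pinged host; icmp_blocks mirrors the zone's icmp-blocks list."""
    icmp_blocks: set = field(default_factory=set)
    ct: Conntrack = field(default_factory=Conntrack)

    def verdict(self, pkt):
        # Assumed rule order: a state accept sits in front of the zone chain, so a
        # flow that was tracked before the change never reaches icmp-blocks.
        if self.ct.state(pkt) == "ESTABLISHED":
            return "ACCEPT"
        if pkt.icmp_type in self.icmp_blocks:
            return "REJECT icmp-host-prohibited"
        self.ct.track(pkt)  # an accepted NEW flow becomes a conntrack entry
        return "ACCEPT"

def stateless_output_drop(pkt, blocked_types):
    """The thread's iptables OUTPUT rule: no state match, so it hits every packet."""
    return "DROP" if pkt.icmp_type in blocked_types else "ACCEPT"

def replay_thread_scenario():
    """Verdicts in the order the thread describes (constructed addresses)."""
    host = FirewalldInput()
    req = Packet("192.0.2.10", "192.0.2.20", "echo-request")
    before = host.verdict(req)             # ping running, nothing blocked
    host.icmp_blocks.add("echo-request")   # firewall-cmd adds the icmp-block
    during = host.verdict(req)             # same flow is ESTABLISHED: still accepted
    host.ct.flush()                        # ping stopped, entry gone (or flushed)
    after = host.verdict(req)              # a fresh ping is now rejected
    return before, during, after, stateless_output_drop(req, {"echo-request"})
```

The third verdict is the "Destination Host Prohibited" the original poster saw after restarting ping; the fourth is why the stateless iptables rule takes effect immediately.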