Hello,
I am trying to block all kinds (TCP/UDP/ICMP and so on) of network traffic
from/to a specific IP address, and I have used the IP 4.2.2.1 as a
test. My firewall-cmd --list-all shows:
root@summersnow # firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: wlp4s0
sources:
services: dhcpv6-client
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" destination address="4.2.2.1" drop
rule family="ipv4" source address="4.2.2.1" drop
rule family="ipv4" source address="4.2.2.1" reject
rule family="ipv4" destination address="4.2.2.1" reject
However, I can confirm that I can still receive DNS responses from it by:
root@summersnow # nslookup twitter.com 4.2.2.1
Server: 4.2.2.1
Address: 4.2.2.1#53
Non-authoritative answer:
Name:	twitter.com
Address: 104.244.42.65
Name:	twitter.com
Address: 104.244.42.129
The rich rules above do not seem to be working properly. Any ideas?
Thanks,
HanatoK
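An added example, not part of the post above and not HanatoK's code: a small Python script that parses the `firewall-cmd --list-all` output as printed in the post (embedded here as a constructed sample with the indentation a real host prints), classifies each zone rich rule by the direction of traffic it can actually match, and generates the `firewall-cmd` invocations for a HOST->ANY policy (available since firewalld 0.9) that filters what the host itself sends to 4.2.2.1. The classification rests on how firewalld evaluates zones: zone rules live in the zone's ingress chain, after firewalld's own `ct state established,related accept` rule, so a `source address` drop never sees the reply to a DNS query the host initiated, and a `destination address` rule in a zone compares against the local address the packet arrived at and never sees outbound packets. The policy name `block-4-2-2-1` and the function names are assumptions.

```python
"""Classify firewalld zone rich rules by the traffic direction they can match
and emit the commands for an egress policy that covers the missing direction.

Added example (not from the original post). Constructed sample input mirrors
the `firewall-cmd --list-all` output shown in the post; the policy name
`block-4-2-2-1` is an assumption."""
import re

# Constructed sample: the public zone from the post, indented as firewalld prints it.
SAMPLE_LIST_ALL = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: wlp4s0
  sources:
  services: dhcpv6-client
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
\trule family="ipv4" destination address="4.2.2.1" drop
\trule family="ipv4" source address="4.2.2.1" drop
\trule family="ipv4" source address="4.2.2.1" reject
\trule family="ipv4" destination address="4.2.2.1" reject
"""

# Only the simple "family + one address match + terminal action" rich rules
# used in the post are parsed; quotes around values are optional in the output.
RICH_RULE = re.compile(
    r'^rule family="?(?P<family>ipv[46])"?\s+'
    r'(?P<direction>source|destination) address="?(?P<addr>[^"\s]+)"?\s+'
    r'(?P<action>accept|drop|reject)\b')


def parse_list_all(text):
    """Return (zone_name, rules) from `firewall-cmd --list-all` output.

    `rich rules:` is the last section of the dump, so every following line
    is a rule. Unparsed rules are kept with only their raw text."""
    lines = text.splitlines()
    zone = lines[0].split()[0]          # "public (active)" -> "public"
    rules, in_rich = [], False
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.startswith("rich rules:"):
            in_rich = True
            continue
        if not in_rich or not stripped:
            continue
        m = RICH_RULE.match(stripped)
        rules.append({"raw": stripped, **m.groupdict()} if m else {"raw": stripped})
    return zone, rules


def classify(rule):
    """Say which packets a *zone* rich rule can match.

    Zone rules are evaluated only in the zone's ingress chain, after
    firewalld's `ct state established,related accept`, so:
    - a `source address` rule matches new inbound connections from that
      address, but never the replies to connections this host initiated;
    - a `destination address` rule compares against the local address the
      packet arrived at, so it only fires if that address is configured on
      this host; it never sees packets this host itself sends."""
    if "direction" not in rule:
        return "unparsed"
    return "inbound-new-only" if rule["direction"] == "source" else "local-destination-only"


def egress_policy_commands(rules, policy="block-4-2-2-1"):
    """Build firewall-cmd invocations for a HOST->ANY policy that drops traffic
    this host sends to every address named in the parsed zone rules.
    Policies exist since firewalld 0.9; the policy name is an assumption."""
    addrs = sorted({(r["family"], r["addr"]) for r in rules if "addr" in r})
    cmds = [
        f"firewall-cmd --permanent --new-policy {policy}",
        f"firewall-cmd --permanent --policy {policy} --add-ingress-zone HOST",
        f"firewall-cmd --permanent --policy {policy} --add-egress-zone ANY",
    ]
    for family, addr in addrs:
        cmds.append(f"firewall-cmd --permanent --policy {policy} --add-rich-rule "
                    f"'rule family={family} destination address={addr} drop'")
    cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    zone, rules = parse_list_all(SAMPLE_LIST_ALL)
    print(f"zone {zone}:")
    for r in rules:
        print(f"  {r['raw']}\n    -> {classify(r)}")
    print("\nequivalent egress policy:")
    print("\n".join(egress_policy_commands(rules)))
```

The zone's `source address` drop still blocks 4.2.2.1 from opening new connections to the host, so the policy complements it rather than replacing it. After `--reload`, the same `nslookup twitter.com 4.2.2.1` should time out instead of answering, and `nft list ruleset | grep -n 4.2.2.1` shows the rule in both the zone's input chain and the new policy's chain.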