
How to get an IP address blocked with firewall-cmd with immediate effect?

Server Fault Asked on December 18, 2021

I am having a problem with dropping traffic using FirewallD.

I start a continuous ping from host1.example.com (192.0.2.101) to host2.example.com (192.0.2.102), and when I execute either of the below commands on host2:

firewall-cmd -q --permanent --add-rich-rule="rule family='ipv4' source address=192.0.2.102 reject"

or

firewall-cmd --permanent --zone=drop --add-source=192.0.2.102

then reload the firewall using one of the below commands:

firewall-cmd --reload
firewall-cmd --complete-reload
systemctl restart firewalld

the continuous ping started from host1 to host2 does not drop. The only time FirewallD on host2 will drop ICMP traffic from host1 is when I kill the ping process and restart it.

I believe I am having the same issue as discussed in "Why firewalld doesn't apply my drop rule?"; however, none of those answers were able to help me resolve my issue.
