How to block IP range or country with firewalld?

December 7, 2016 18.2k views
Firewall CentOS
swbot
By:
swbot

Hello,

How can I block IP range or entire country on CentOS 7 with FirewallD? The IP range starts with 180.76.15.* and is Chinese IP.

The command below works for single IP but not for range:

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='180.76.15.154' reject"

I tried with this command for the range but without success:

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='180.76.15/24' reject"

Cheers

Log In to Comment
4 Answers
xMudrii December 7, 2016

I think the correct command is:

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='180.76.15.0/24' reject"

Pay attention to highlighted part

Reply
swbot December 7, 2016

Thank you xMudrii,

This command is executed successfully. Lets see if it works and the Chinese visitors from 180.76.15* will not have access to the site anymore.

Cheers,
Ivo

Reply
swbot December 7, 2016

The command is not working, I run the command and reload my firewall for the changes to take effect, but unfortunately the 180.76.15* still have access to my site. Any other ideas?

Reply
timothydpulliam September 9, 2018

You have to reload firewalld after adding a permanent rule.

firewall-cmd --reload
Reply
Have another answer? Share your knowledge.

Related Questions