tcpdump gives me the offending IP address every time something on my LAN start spewing crap and saturates my upstream bandwidth; and I have a built- in script for this:
firewall-cmd --add-rich-rule "rule family=ipv4 source address=$1 reject" firewall-cmd --add-rich-rule "rule family=ipv4 destination address=$1 reject"This usually does the trick, but it looks to me like this is only blocks new connections.
Something on someone's phone, started spewing to an IP address today and kept spewing after I added these rules.
Looking through the output of iptables -n -L, I see a rule that accepts an ESTABLISHED connection:
Chain INPUT (policy ACCEPT) target prot opt source destinationACCEPT all – 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED,DNAT
That's the first rule that hits INPUT. I found the rule with the blocked IP address in "Chain IN_FedoraServer_deny". I'm not 100% up to speed on iptables, but it does look to me like only new connections gets blocked.
Is there a way with firewall-cmd to /really/ block an IP address, new or established connections, or is manually adding an iptables rule my only option?
Attachment:
pgpiyy9mLtH3n.pgp
Description: PGP signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
