How to block routing/forwarding with firewalld

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On CentOS 7 with firewalld I have a box with numerous interfaces acting as a NAT gateway. This works but I noticed that it routes/forwards traffic not just from my internal zone to external zone but also between interfaces within the internal zone. How can I prevent that traffic?

I've tried adding direct and rich rules to deny the traffic but it doesn't work. Direct:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -s 10.110.4.0/22 -d 10.110.0.0/22 -j REJECT

That command works, and I see it in `iptables -L` but traffic is still allowed. Rich:

# firewall-cmd --zone=trusted --add-rich-rule='rule family=ipv4 source address=10.110.4.0/22 destination address=10.110.0.0/22 reject'
Error: INVALID_RULE: destination action

I can't find any explanation of what that error means. So, how do you tell firewalld to stop forwarding traffic between interfaces?



# firewall-cmd --get-active-zones
public
  interfaces: ens161 ens193
trusted
  interfaces: ens192 ens224 ens256 lo

# firewall-cmd --list-all
public (default, active)
  interfaces: ens161 ens193
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

--
Jeff White
HPC Systems Engineer
Information Technology Services - WSU

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux