Uncategorized

FirewallD IPSet for blocking list of ips

Leave a comment

Decided to create ipset stophack and add all access to ports 23, 22, 3306, 110, 143, 25 of ip <myserverip>

firewall-cmd –zone=external –add-rich-rule=’rule source ipset=stophack drop’
firewall-cmd –permanent –get-ipsets
firewall-cmd –permanent –new-ipset=stophack –type=hash:net
firewall-cmd –permanent –ipset=stophack –add-entries-from-file=stophack.txt
firewall-cmd –permanent –ipset=stophack –get-entries
firewall-cmd –permanent –ipset=stophack –add-entry=120.224.174.135

cat bdknock.xml
<?xml version="1.0" encoding="utf-8"?>
 <service>
  <port port="12345" protocol="tcp"/>
  <port port="2345" protocol="udp"/>
  <port port="345" protocol="udp"/>
  <port port="54321" protocol="tcp"/>
 </service>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.