How to block outside IP addresses with firewalld on CentOS 7

Aug
20
2017

There are situations were specific IP addresses or ranges may need to be blocked. In my case I have SIP hackers trying to brute force a publicly exposed Asterisk server. I don’t have control over the exterior gateway or firewalls between the server and public internet. So in this case I have to specifically block access to a single host.

From Asterisk:

[Aug 15 14:13:33] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from ‘”3292″ <sip:3292@64.56.135.10>’ failed for ‘195.154.188.25:5170’ – Wrong password

Goals of this Post:

Instruct firewalld to ‘drop’ all connection attempts from a single host

[root@PBX asterisk]# firewall-cmd –permanent –add-rich-rule=”rule family=’ipv4′ source address=’195.154.188.25′ drop”
success
[root@PBX asterisk]#

Alternatively we can use firewall-config. Below is an example of the GUI front end for firewalld). Add a rich rule to block specific hosts.

[root@PBX asterisk]# firewall-config

When using the ‘firewall-config’ command don’t forget to set to ‘permanent’ and ‘reload’.

Written by mattb in: Linux | Tags: block host, centos7, firewall-config, firewalld, GUI

No Comments »

RSS feed for comments on this post. TrackBack URL

Save Lono

Linux Stuff, IT News, and Open Source Software

How to block outside IP addresses with firewalld on CentOS 7

No Comments »

Leave a comment

Recent Posts