How to block outside IP addresses with firewalld on CentOS 7

There are situations where specific IP addresses or ranges may need to be blocked.  In my case, SIP hackers are trying to brute-force a publicly exposed Asterisk server.  I don’t have control over the exterior gateway or the firewalls between the server and the public internet, so in this case I have to specifically block access from a single host.

From Asterisk:

[Aug 15 14:13:33] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from '"3292" <sip:3292@>' failed for '' - Wrong password

Goals of this Post:

  • Instruct firewalld to ‘drop’ all connection attempts from a single host
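As an added example (not from the original post), the script below counts failed registrations per source address in Asterisk log text of the form shown above and prints the firewalld rich-rule commands that would drop each repeat offender. The sample log lines, the addresses, the `pbx.example` host and the function names are constructed for illustration, and only IPv4 sources are handled.

```shell
#!/bin/sh
# Constructed sample log lines (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
[Aug 15 14:13:33] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from '"3292" <sip:3292@pbx.example>' failed for '203.0.113.45:5060' - Wrong password
[Aug 15 14:13:34] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from '"3293" <sip:3293@pbx.example>' failed for '203.0.113.45:5071' - Wrong password
[Aug 15 14:13:35] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from '"x' failed for '192.0.2.1" <sip:1@pbx.example>' failed for '203.0.113.45:5060' - Wrong password
[Aug 15 14:14:02] NOTICE[20986]: chan_sip.c:26214 handle_request_register: Registration from '"100" <sip:100@pbx.example>' failed for '198.51.100.7' - Wrong password
EOF
}

# offenders MIN: read log text on stdin, print each IPv4 source that has
# at least MIN failed registrations, one per line, sorted.
offenders() {
    awk -v min="$1" -v q="'" '
        /Registration from .* failed for / {
            s = $0
            # The From field is attacker-controlled, so match greedily and
            # keep only what follows the LAST "failed for" on the line.
            sub(".*failed for " q, "", s)
            sub(q ".*", "", s)        # cut at the closing quote
            sub(/:[0-9]+$/, "", s)    # strip an optional :port
            # Count only values that look like an IPv4 address.
            if (s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[s]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# block_commands: read addresses on stdin and PRINT (not run) the firewalld
# commands that drop them in the default zone, for review before applying.
block_commands() {
    n=0
    while read -r ip; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" drop'\n" "$ip"
        n=$((n + 1))
    done
    # Permanent rules only take effect after a reload.
    if [ "$n" -gt 0 ]; then echo 'firewall-cmd --reload'; fi
}

# Demo on the constructed sample with a threshold of 3 failures.
sample_log | offenders 3 | block_commands
```

The third sample line shows why the parser anchors on the last `failed for`: a caller ID crafted to look like a log suffix must not get an unrelated address blocked.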



Written by mattb in: Linux

UPDATE – Managing Multiple Interfaces with Fedora 21, libvirt, Qemu, NetworkManager

This post is an update to a previous post on using multiple interfaces (Ethernet cards) on the LAN, utilizing Red Hat’s popular virtualization tools: QEMU, KVM, libvirt, and virt-manager.  In this article I will demonstrate with Fedora 21, but this roughly applies to CentOS 7 as well.

I’ve resisted upgrading to recent versions of Fedora/CentOS for a long time.  The main reason is that I hate NetworkManager.  It does too much automatically; I much preferred the old ‘network’ daemon that could easily be set manually.  For instance, if I create a bridge interface (call it bridge1) assigned to my second Ethernet card (eth1), NetworkManager will automatically create a profile for each with automatic startup and DHCP enabled!  I don’t need or want a DHCP lease on either side of a bridged interface!  Among other issues is the creation of duplicate profiles when libvirt restarts, so NetworkManager reports ‘bridge1’ & ‘bridge1’ in the NM start menu applet.

Ideally libvirt and NetworkManager would work hand in hand because Red Hat sponsors both projects…

In this article we will describe the steps that allow you to connect two separate NICs to a switch, assigning one of the NICs specifically to guest VMs.

Goals of this post:

  • Set NetworkManager to ignore the bridge and Ethernet device
  • Enable the systemd version of the rc.local boot script to create the bridge at boot
  • Assign host to specific bridged Ethernet device