LinuxQuestions.org


Sum1 04-11-2018 02:41 PM

firewalld - cannot state a rule with port range
 
I want to block all incoming and outgoing traffic on the internet-facing NIC to deal with some malware on a local LAN.

The firewall/router is a CentOS7 box.
I cannot seem to express a rule correctly defining a port range:
Code:

[root@bbb]# firewall-cmd --zone=external --remove-port=50000-65536/tcp
Error: INVALID_PORT: 50000-65536
[root@bbb]#
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65536 protocol=tcp drop'
Error: INVALID_PORT: 50000-65536

Does anyone know the correct grammar/syntax to drop/remove/reject a range of ports using the firewall-cmd command?

Thanks for your help.

Sum1 04-11-2018 03:04 PM

Human error, oops.
There are only 65535 TCP ports, NOT 65536.

Code:

[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65000 protocol=tcp drop'
success
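
A pre-flight check for the port range discussed in this thread, added here as an example and not part of either post: it rejects a spec whose bounds fall outside 1-65535 before it reaches firewall-cmd, and prints the rich rule for a spec that passes. The function names (is_port, check_port_spec, drop_rule) and the sample specs are constructed for illustration, and treating port 0 as invalid is this example's choice.

```shell
#!/bin/sh
# Added example: pre-flight check for a firewalld port or port range.
# TCP and UDP port numbers are 16-bit, so the largest valid value is 65535.
MAX_PORT=65535

# is_port N -> exit 0 if N is a decimal integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty or contains a non-digit
    esac
    [ "${#1}" -le 5 ] || return 1     # too long to be a valid port
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_PORT" ]
}

# check_port_spec SPEC -> exit 0 for "N" or "LOW-HIGH" with LOW <= HIGH
check_port_spec() {
    spec=$1
    case "$spec" in
        *-*)
            low=${spec%%-*}           # text before the first dash
            high=${spec#*-}           # text after the first dash
            is_port "$low" && is_port "$high" && [ "$low" -le "$high" ]
            ;;
        *)
            is_port "$spec"
            ;;
    esac
}

# drop_rule SPEC PROTO -> prints the rich rule text; 1 = bad spec, 2 = bad protocol
drop_rule() {
    case "$2" in tcp|udp) ;; *) echo "bad protocol: $2" >&2; return 2 ;; esac
    if ! check_port_spec "$1"; then
        echo "invalid port spec '$1' (ports are 1-$MAX_PORT, LOW-HIGH)" >&2
        return 1
    fi
    printf 'rule family=ipv4 port port=%s protocol=%s drop\n' "$1" "$2"
}

# Constructed sample inputs: the rejected range from the thread, then valid and reversed forms.
for spec in 50000-65536 50000-65535 65535-50000 443; do
    if rule=$(drop_rule "$spec" tcp 2>/dev/null); then
        echo "ok:       firewall-cmd --zone=external --add-rich-rule='$rule'"
    else
        echo "rejected: $spec"
    fi
done
```

The script only prints the commands; it does not run firewall-cmd. A rule added without --permanent changes the runtime configuration only.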


