
Sum1 04-11-2018 02:41 PM

firewalld - cannot state a rule with port range
I want to block all incoming and outgoing traffic on the internet-facing NIC to deal with some malware on the local LAN.

The firewall/router is a CentOS7 box.
I cannot seem to express a rule correctly defining a port range:

[root@bbb]# firewall-cmd --zone=external --remove-port=50000-65536/tcp
Error: INVALID_PORT: 50000-65536
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65536 protocol=tcp drop'
Error: INVALID_PORT: 50000-65536

Does anyone know the correct grammar/syntax to drop/remove/reject a range of ports using the firewall-cmd command?

Thanks for your help.

Sum1 04-11-2018 03:04 PM

Human Error, Ooops.
There are only 65535 TCP ports, NOT 65536.


[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65000 protocol=tcp drop'
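The syntax in the working command above, as an added example that is not from the original thread: a small POSIX sh helper that checks a firewalld port specification against the 1-65535 limit before anything is handed to firewall-cmd (which otherwise fails with INVALID_PORT, as in the first post), and builds the "port ... drop" rich rule from it. The function names (port_spec_ok, drop_rich_rule, apply_drop) and the DRY_RUN variable are this example's own assumptions; firewall-cmd is only executed when DRY_RUN is unset.

```shell
#!/bin/sh
# Added example, not from the original thread. Validates a firewalld port
# specification (single port or "low-high" range, 1..65535, low <= high)
# before it reaches firewall-cmd, and builds the drop rich rule used above.
# Function names and the DRY_RUN variable are this example's own assumptions.

# port_spec_ok SPEC: return 0 if SPEC is a valid port or port range.
port_spec_ok() {
    spec=$1
    case $spec in
        *-*) low=${spec%-*}; high=${spec#*-} ;;
        *)   low=$spec;      high=$spec ;;
    esac
    # each bound must be a non-empty run of digits
    for p in "$low" "$high"; do
        case $p in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    # 0 is not a usable port and 65535 is the highest one
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# drop_rich_rule FAMILY SPEC PROTO: print the rich rule text, or fail.
drop_rich_rule() {
    port_spec_ok "$2" || {
        echo "invalid port spec: $2 (valid ports are 1-65535)" >&2
        return 1
    }
    printf 'rule family=%s port port=%s protocol=%s drop\n' "$1" "$2" "$3"
}

# apply_drop ZONE SPEC PROTO: add the drop rule to ZONE. With DRY_RUN set,
# print the firewall-cmd invocation instead of running it.
apply_drop() {
    rule=$(drop_rich_rule ipv4 "$2" "$3") || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        printf "firewall-cmd --zone=%s --add-rich-rule='%s'\n" "$1" "$rule"
    else
        firewall-cmd --zone="$1" --add-rich-rule="$rule"
    fi
}

# Demonstration: print (do not run) the command for the range used above.
( DRY_RUN=1; apply_drop external 50000-65000 tcp )
```

Two caveats worth knowing when using this for real: a rich rule added without `--permanent` is runtime only and disappears on the next `firewall-cmd --reload` (add it again with `--permanent`, then reload, to keep it), and a zone's rich rules filter traffic arriving on that zone's interface; they do not filter what the box itself sends out.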
