Old 04-11-2018, 02:41 PM   #1
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

firewalld - cannot state a rule with port range

I want to block all incoming and outgoing traffic on the internet-facing NIC to deal with some malware on a local LAN.

The firewall/router is a CentOS7 box.
I cannot seem to express a rule correctly defining a port range:
[root@bbb]# firewall-cmd --zone=external --remove-port=50000-65536/tcp
Error: INVALID_PORT: 50000-65536
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65536 protocol=tcp drop'
Error: INVALID_PORT: 50000-65536
Does anyone know the correct grammar/syntax to drop/remove/reject a range of ports using the firewall-cmd command?

Thanks for your help.
Old 04-11-2018, 03:04 PM   #2
Registered: Jul 2007
Distribution: Fedora, CentOS, and would like to get back to Gentoo
Posts: 332

Original Poster
Human Error, Ooops.
There are only 65535 TCP ports, NOT 65536.

[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65000 protocol=tcp drop'
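A pre-flight check for the mistake resolved in this thread, as an added example that is not part of either post: it validates a `PORT[-PORT]/PROTO` spec and only then prints the rich-rule command in the syntax used above. The function names are hypothetical, and the accepted values (ports 1-65535, protocol tcp or udp) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumptions of this example: ports 1-65535, protocol tcp or udp only.
MAX_PORT=65535

# is_port N: succeed only for a decimal integer in 1..MAX_PORT
is_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;   # empty, non-digits, 0 or leading zeros
    esac
    [ "${#1}" -le 5 ] || return 1     # bound the length before comparing
    [ "$1" -le "$MAX_PORT" ]
}

# check_port_spec PORT[-PORT]/PROTO: print "ok" or the reason it is invalid
check_port_spec() {
    spec=$1
    case "$spec" in
        */*) ports=${spec%/*}; proto=${spec##*/} ;;
        *)   echo "missing /protocol"; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto"; return 1 ;;
    esac
    case "$ports" in
        *-*) first=${ports%%-*}; last=${ports#*-} ;;
        *)   first=$ports; last=$ports ;;
    esac
    is_port "$first" || { echo "invalid port: $first"; return 1; }
    is_port "$last"  || { echo "invalid port: $last"; return 1; }
    [ "$first" -le "$last" ] || { echo "reversed range: $ports"; return 1; }
    echo ok
}

# drop_rule_cmd ZONE SPEC: print (do not run) the rich-rule command in the
# syntax used in the thread, but only for a spec that passed the check
drop_rule_cmd() {
    reason=$(check_port_spec "$2") || { echo "refusing $2: $reason" >&2; return 1; }
    echo "firewall-cmd --zone=$1 --add-rich-rule='rule family=ipv4 port port=${2%/*} protocol=${2##*/} drop'"
}

# Constructed inputs: the range from the first post, then the corrected one
for s in 50000-65536/tcp 50000-65000/tcp; do
    drop_rule_cmd external "$s" || true
done
```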

