04-11-2018, 03:41 PM   #1
Sum1
firewalld - cannot state a rule with port range


I want to block all incoming and outgoing traffic on the internet-facing NIC to deal with some malware on a local LAN.

The firewall/router is a CentOS7 box.
I cannot seem to express a rule correctly defining a port range:
Code:
[root@bbb]# firewall-cmd --zone=external --remove-port=50000-65536/tcp
Error: INVALID_PORT: 50000-65536
[root@bbb]# 
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65536 protocol=tcp drop'
Error: INVALID_PORT: 50000-65536
Does anyone know the correct grammar/syntax to drop/remove/reject a range of ports using the firewall-cmd command?

Thanks for your help.
 
04-11-2018, 04:04 PM   #2
Sum1
Human error, oops.
There are only 65535 TCP ports, NOT 65536.

Code:
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65000 protocol=tcp drop'
success
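
Added example (not part of the original posts): a POSIX shell pre-check for a PORT-PORT/PROTO spec like the ones in this thread. It names the bound that is out of range and reports which ports above a rule's upper end the rule does not reach. The function names, the 1..65535 bounds and the protocol list are assumptions of this example, not firewalld's own validation code.

```shell
#!/bin/sh
# Added example, not from the thread. Bounds and protocol list are
# this example's assumptions, not firewalld's own validation code.
MAX_PORT=65535   # port numbers are 16-bit

# is_port N: succeeds if N is a decimal integer in 1..MAX_PORT
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;      # empty or contains a non-digit
    esac
    [ "${#1}" -le 5 ] || return 1     # too long to be a port number
    [ "$1" -ge 1 ] && [ "$1" -le "$MAX_PORT" ]
}

# check_port_spec SPEC: prints "ok" or the reason; returns 0 or 1
check_port_spec() {
    case "$1" in
        */*) ports=${1%/*}; proto=${1##*/} ;;
        *)   echo "missing /protocol"; return 1 ;;
    esac
    case "$proto" in
        tcp|udp|sctp|dccp) ;;
        *) echo "unknown protocol: $proto"; return 1 ;;
    esac
    case "$ports" in
        *-*) first=${ports%%-*}; last=${ports#*-} ;;
        *)   first=$ports; last=$ports ;;
    esac
    is_port "$first" || { echo "bad start port: $first"; return 1; }
    is_port "$last"  || { echo "bad end port: $last (max $MAX_PORT)"; return 1; }
    [ "$first" -le "$last" ] || { echo "range is reversed"; return 1; }
    echo "ok"
}

# uncovered_tail SPEC: prints the ports above SPEC's end that the
# rule does not reach; prints nothing if it already ends at MAX_PORT
uncovered_tail() {
    check_port_spec "$1" >/dev/null || return 1
    ports=${1%/*}; last=${ports#*-}
    [ "$last" -lt "$MAX_PORT" ] && echo "$((last + 1))-$MAX_PORT"
    return 0
}

# Constructed demo using the two specs that appear in the thread
for s in 50000-65536/tcp 50000-65000/tcp; do
    printf '%s: %s; above range: %s\n' "$s" \
        "$(check_port_spec "$s")" "$(uncovered_tail "$s")"
done
```

For the range accepted in post #2, `uncovered_tail` prints `65001-65535`, the ports above the rule's upper bound.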