I want to block all incoming and outgoing traffic on the internet-facing NIC to deal with some malware on a local LAN.
The firewall/router is a CentOS7 box.
I cannot seem to express a rule correctly defining a port range:
Code:
[root@bbb]# firewall-cmd --zone=external --remove-port=50000-65536/tcp
Error: INVALID_PORT: 50000-65536
[root@bbb]#
[root@bbb]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 port port=50000-65536 protocol=tcp drop'
Error: INVALID_PORT: 50000-65536
Does anyone know the correct grammar/syntax to drop/remove/reject a range of ports using the firewall-cmd command?
Thanks for your help.
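An added example, not part of the original post: TCP port numbers are 16-bit, so the highest valid port is 65535, and a range ending in 65536 is rejected. The sketch below checks a port spec and prints (does not run) a rich-rule drop command; the function names and the lower bound of 1 are assumptions of this example.

```shell
# Added example (not from the original post). Checks a firewalld-style
# port spec, "N" or "LOW-HIGH", before it is passed to firewall-cmd.
MAX_PORT=65535   # TCP/UDP port numbers are 16-bit: 65536 does not exist
MIN_PORT=1       # assumption of this example: treat 0 as invalid

# check_port_spec SPEC: prints "ok" or a reason; status 0 only when valid.
check_port_spec() {
    _spec=$1
    case $_spec in
        ''|-*|*-|*-*-*|*[!0-9-]*) echo "malformed"; return 1 ;;
    esac
    _low=${_spec%%-*}     # text before the dash (whole spec if no dash)
    _high=${_spec##*-}    # text after the dash (whole spec if no dash)
    # A failed or erroring numeric test (huge number) counts as invalid.
    if ! [ "$_low" -ge "$MIN_PORT" ] 2>/dev/null ||
       ! [ "$_high" -le "$MAX_PORT" ] 2>/dev/null; then
        echo "out of range ($MIN_PORT-$MAX_PORT)"; return 1
    fi
    if ! [ "$_low" -le "$_high" ]; then
        echo "reversed range"; return 1
    fi
    echo "ok"
}

# drop_rule_cmd ZONE SPEC PROTO: prints (does not run) a rich-rule command.
drop_rule_cmd() {
    check_port_spec "$2" >/dev/null || return 1
    printf "firewall-cmd --zone=%s --add-rich-rule='rule family=\"ipv4\" port port=\"%s\" protocol=\"%s\" drop'\n" "$1" "$2" "$3"
}

# Constructed inputs: the range from the post, then the same range capped.
for s in 50000-65536 50000-65535; do
    if r=$(check_port_spec "$s"); then
        drop_rule_cmd external "$s" tcp
    else
        echo "$s rejected: $r"
    fi
done
```

`--remove-port` only deletes a port entry previously opened with `--add-port`; the rich rule with `drop` is what discards matching traffic.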