Firewalld and ipset swap

Support for security such as Firewalls and securing Linux
arcis03071981
Posts: 1
Joined: 2020/04/14 13:11:23

Firewalld and ipset swap

Post by arcis03071981 » 2020/04/14 13:30:22

Hi,

I am new to firewalld and doing my best to understand the firewall management.

I've created ipsets for bogon4 and bogon6, loaded them via firewall-cmd and redirected them to zone=drop since I want to drop all connections to the entities in the ipsets. The active zones in the firewall right now are "public" & "drop". Should I redirect them to zone=public too, or keep them where they are? If I am supposed to redirect the ipsets to zone public, how do I remove them from zone drop?

```
Name: bogons4
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 200000
Size in memory: 29048
References: 7
Number of entries: 475

Name: bogons6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 65536 maxelem 200000
Size in memory: 525656
References: 7
Number of entries: 111083
```

I am using the Cymru bogons resource. In the past, with iptables, I used to swap the ipset after getting a new feed. How do I do that with firewall-cmd?

jlehtone
Posts: 3192
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Firewalld and ipset swap

Post by jlehtone » 2020/04/14 18:37:11

arcis03071981 wrote: 2020/04/14 13:30:22
> I've created ipsets ... and redirected them to zone=drop

By wording, I'd say: No. However, I do say: How did you do that? (I have no idea what a vogon is.)
