0

Working from my Arch Console (having not yet installed Openbox), I've installed firewalld, sudo pacman -S firewalld, then, to check that it's overall working, firewall-cmd --panic-on correctly blocks my ping -c 3 8.8.8.8. But is it specifically working for my LAN port enp0s25? When I configure like this:

sudo firewall-cmd --set-default-zone=drop
sudo firewall-cmd --zone=drop --change-interface=enp0s25
firewall-cmd --zone=drop --add-rich-rule='rule family="ipv4" source address="8.8.8.8" reject'

(The last line thanks to Hitesh Jethva.) I can still get a ping from 8.8.8.8. Why, and is there a way from the Console to check that firewalld is working for my interface?

joharr
  • 103

1 Answer

0

From my understanding you want to block ping towards 8.8.8.8, so that is not the source address, it's the destination address. You could use rich rules to configure it if there are many IPs that change often.

Generally speaking, you can block ICMP like this:

firewall-cmd --zone=public --add-icmp-block={echo-request,echo-reply,timestamp-reply,timestamp-request} --permanent 

firewall-cmd --reload

You can also use pre-defined lists of IPs/objects. See here how.

Overmind
  • 3,221
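On the question of checking from the console that firewalld is handling enp0s25: the script below is an added example, not code from either poster or from the firewalld project. It parses the output of `firewall-cmd --get-active-zones` and `firewall-cmd --zone=drop --list-all` to confirm the interface-to-zone binding and the zone's target; the helper names and the sample output (including the second interface `wlan0`) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm which firewalld zone an interface is bound to.

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ACTIVE='drop
  interfaces: enp0s25
public
  interfaces: wlan0'

# Constructed excerpt of `firewall-cmd --zone=drop --list-all` output.
SAMPLE_LIST='drop (active)
  target: DROP
  interfaces: enp0s25
  icmp-blocks: echo-request echo-reply'

# Read --get-active-zones text on stdin; print the zone listing interface $1.
# Exit status 1 means no active zone claims the interface.
zone_of_iface() {
    awk -v want="$1" '
        /^[^ \t]/ { zone = $1; next }        # unindented line: zone name
        $1 == "interfaces:" {                # indented line: "interfaces: a b"
            for (i = 2; i <= NF; i++)
                if ($i == want) { print zone; found = 1; exit }
        }
        END { exit !found }'
}

# Read --list-all text on stdin; print the value of field $1 (e.g. target).
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# check_binding IFACE EXPECTED_ZONE ACTIVE_ZONES_TEXT
check_binding() {
    actual=$(printf '%s\n' "$3" | zone_of_iface "$1") ||
        { echo "$1: not bound to any active zone"; return 1; }
    [ "$actual" = "$2" ] ||
        { echo "$1: bound to '$actual', expected '$2'"; return 1; }
    echo "$1: bound to '$2'"
}

# Use the live daemon when it is running, otherwise the constructed samples.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    active=$(firewall-cmd --get-active-zones)
    listing=$(firewall-cmd --zone=drop --list-all)
else
    active=$SAMPLE_ACTIVE
    listing=$SAMPLE_LIST
fi
check_binding enp0s25 drop "$active"
echo "target: $(printf '%s\n' "$listing" | zone_field target)"
```

For a single interface, `firewall-cmd --get-zone-of-interface=enp0s25` returns the same binding directly; the parser is useful when auditing several interfaces at once.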