On 8/8/24 8:42 PM, Curtis J Blank wrote:
I'm running Tumbleweed and using firewalld. If I want to block some incoming IP addresses and I add iptables reject rules, will that work to block them?
I do an iptables -L and iptables appears to be available.
I have my reasons for wanting to use iptables for this blocking.
I am not that familiar with firewalld, though I do use it on Tumbleweed. Others will have to fill in specifics, but generally when you have an app managing iptables, which I presume firewalld does similar to ipset or nftables, then you have to be careful writing iptables rules manually. (firewalld uses nftables sets)

At least with ipset/nftables/fail2ban there is a careful ordering of "sets" so it all works together. You will have your blocklists (blacklist/whitelist ordered first) and then whatever stateful rules the firewall manager uses next. If you go in and just add a DROP rule, it may come after all other rules and essentially be ignored. I'll have to look more into how firewalld does things.

A good nuts-and-bolts reference is: https://wiki.archlinux.org/title/Firewalld

-- 
David C. Rankin, J.D., P.E.