I said I had reasons. For one, it would be kind of difficult to have a program that runs in real time monitoring network hacking attempts use a GUI, per your suggestion, to add a rule to block the IP address of the perpetrator. This is a very dynamic application that responds to and blocks these attempts typically within 2 seconds. It's written to use iptables, and it checks whether a rule already exists for the IP address in question and whether it is active or not; if not, it is added. So, rewriting it to use firewalld, it would need to be able to do that, and at the moment I'm not familiar enough with firewalld to know how to get a list of these rules that are in place in real time for that check. The rules are not permanent; that is by design, and they are cleared by the nature of a reboot. Previous rules can be added on boot if the necessity arises.
On Aug 8, 2024, at 22:50, Darryl Gregorash <raven@accesscomm.ca> wrote:
On 2024-08-08 19:42, Curtis J Blank wrote:
I'm running Tumbleweed and using firewalld. If I want to block some incoming IP addresses and I add iptables reject rules will that work to block them?
I do an iptables -L and iptables appears to be available.
I have my reasons for wanting to use iptables for this blocking.

I don't know what reasons you might have for wanting to use iptables, but I wouldn't recommend it. With firewalld, it is easy to set up a rule (called an IPset) that will block as many IP addresses as you want, all with just one rule. In addition to the URL David Rankin gave, the official firewalld documentation is at https://firewalld.org/documentation/ . I suggest using the firewalld GUI: in the application launcher, go to System/ and run Firewall. You will need the root password.
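An added example, not part of this thread and not code from either poster's program, showing both approaches side by side in POSIX shell: the iptables check-then-add logic Curtis describes (iptables -C exits 0 only when a matching rule already exists, so the block is idempotent) and the firewalld equivalent Darryl suggests, where a permanently defined ipset bound to the drop zone receives runtime-only entries that vanish at reboot. The ipset name "blocklist", the chain name and the use of REJECT are assumptions; the commands are reached through variables so the script can be exercised against stub functions without root.

```shell
#!/bin/sh
# Added example (not from the thread). Idempotently block a source address
# with either iptables or a firewalld ipset, and list what is currently blocked.
# Exit codes from the *_block functions: 0 = newly added, 2 = already present,
# anything else = the underlying command failed.
IPT=${IPT:-iptables}            # swap for a stub function when testing
FWCMD=${FWCMD:-firewall-cmd}    # swap for a stub function when testing
CHAIN=${CHAIN:-INPUT}           # assumed chain for the reject rules
IPSET=${IPSET:-blocklist}       # assumed ipset name (not from the thread)

# --- iptables path -----------------------------------------------------------

# True when a "-s <addr> -j REJECT" rule for $1 is already in $CHAIN.
ipt_rule_exists() {
    "$IPT" -C "$CHAIN" -s "$1" -j REJECT >/dev/null 2>&1
}

# Insert the reject rule for $1 at the top of $CHAIN unless it is already there.
ipt_block() {
    if ipt_rule_exists "$1"; then
        return 2
    fi
    "$IPT" -I "$CHAIN" -s "$1" -j REJECT
}

# Runtime list of addresses currently rejected in $CHAIN, one per line.
# iptables -S prints rules in re-addable form, e.g. "-A INPUT -s 203.0.113.7/32 -j REJECT".
ipt_list_blocked() {
    "$IPT" -S "$CHAIN" | awk '/-j REJECT/ {
        for (i = 1; i <= NF; i++)
            if ($i == "-s") { sub(/\/32$/, "", $(i+1)); print $(i+1) }
    }'
}

# --- firewalld path ----------------------------------------------------------

# One-time setup: the ipset definition itself has to be permanent (and reloaded
# into runtime), but entries added later without --permanent are runtime only.
fw_setup() {
    "$FWCMD" --permanent --new-ipset="$IPSET" --type=hash:ip &&
    "$FWCMD" --permanent --zone=drop --add-source="ipset:$IPSET" &&
    "$FWCMD" --reload
}

# True when $1 is already an entry of the ipset.
fw_entry_exists() {
    "$FWCMD" --ipset="$IPSET" --query-entry="$1" >/dev/null 2>&1
}

# Add $1 to the ipset (runtime only) unless it is already listed.
fw_block() {
    if fw_entry_exists "$1"; then
        return 2
    fi
    "$FWCMD" --ipset="$IPSET" --add-entry="$1"
}

# Runtime list of ipset entries, one per line.
fw_list_blocked() {
    "$FWCMD" --ipset="$IPSET" --get-entries
}

# Usage: ./block.sh ipt 203.0.113.7   or   ./block.sh fw 203.0.113.7
case "${1:-}" in
    ipt) ipt_block "$2" ;;
    fw)  fw_block "$2" ;;
esac
```

Because iptables -C compares the full rule specification, the check only recognises rules written exactly the way ipt_block writes them; a rule added by hand with a different target or interface match will not be found, so a program like the one described should own the chain (or a dedicated chain it jumps to) rather than sharing it.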