
firewalld allow a x.x.x.x/16 block out of x.x.x.x/8 rejected block

Hi forum,

Here is my dilemma: I have blocked all countries outside of the USA, in particular APNIC 150.0.0.0/8.

To my surprise, there is a Florida-based company that is using 150.176.0.0/16. APNIC is the parent owner but has sold/leased the range in question.

I want to block 150.0.0.0/8 but allow 150.176.0.0/16.

Will this work?

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="150.0.0.0/8" drop'

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="150.176.0.0/16" accept'

Output from public.xml below:

<rule family="ipv4">
  <source address="150.0.0.0/8"/>
  <reject/>
</rule>
<rule family="ipv4">
  <source address="150.176.0.0/16"/>
  <accept/>
</rule>

  • Hello Mr. Snyder,

    This is not a Rackspace Public Cloud question per se, but a question on how firewalld operates. You may wish to ask Red Hat support or check in the CentOS community forums for the answer.

    Thanks and we do apologize for the inconvenience.

    Best,

    Brian K
    Cloud Virt Engineer II, RHCVA, CCNA
    Rackspace Openstack Public Cloud
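
The two rich rules in the question can be checked offline before reloading the firewall. The following is an added example, not part of the original thread and not firewalld code: it models the rich-rule ordering described in firewalld.richlanguage(5), where at the default priority the reject/drop chain is walked before the accept chain. The `priority="-10"` variant is constructed and assumes a firewalld release that supports the rich-rule `priority` attribute; the function names and sample source addresses are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Rules copied from the public.xml in the post (wrapped in <zone> so it parses).
ZONE_FROM_POST = """<zone>
<rule family="ipv4"><source address="150.0.0.0/8"/><reject/></rule>
<rule family="ipv4"><source address="150.176.0.0/16"/><accept/></rule>
</zone>"""

# Constructed variant: same rules, accept given a negative priority (assumption:
# the installed firewalld supports the rich-rule priority attribute).
ZONE_WITH_PRIORITY = ZONE_FROM_POST.replace(
    '<rule family="ipv4"><source address="150.176.0.0/16"/>',
    '<rule family="ipv4" priority="-10"><source address="150.176.0.0/16"/>')

DENY = {"reject", "drop"}
ACTIONS = DENY | {"accept"}

def parse_rules(zone_xml):
    """Return (priority, source_network, action) for each rich rule."""
    rules = []
    for rule in ET.fromstring(zone_xml).iter("rule"):
        net = ipaddress.ip_network(rule.find("source").get("address"))
        action = next(child.tag for child in rule if child.tag in ACTIONS)
        rules.append((int(rule.get("priority", "0")), net, action))
    return rules

def evaluation_order(rules):
    """Order rules as firewalld.richlanguage(5) describes: by priority, and at
    priority 0 the deny chain (reject/drop) is walked before the allow chain."""
    def key(rule):
        priority, _, action = rule
        chain = 0 if action in DENY else 1
        return (priority, chain if priority == 0 else 0)
    return sorted(rules, key=key)  # stable sort: ties keep file order

def verdict(zone_xml, source_ip):
    """First matching rich rule wins; no match falls through to the zone."""
    ip = ipaddress.ip_address(source_ip)
    for _, net, action in evaluation_order(parse_rules(zone_xml)):
        if ip in net:
            return action
    return "no-rich-rule-match"

if __name__ == "__main__":
    for name, zone in (("post", ZONE_FROM_POST), ("priority", ZONE_WITH_PRIORITY)):
        for ip in ("150.176.10.5", "150.1.2.3"):  # constructed sample sources
            print(name, ip, verdict(zone, ip))
```

The model covers rich rules only; services, ports and source-to-zone bindings in the same zone are not represented.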