Re: [CentOS] Netfilter fails to filter traffic from a netblock?

On 19/04/2020 15:30, Jeffrey Walton wrote:

Ugh, thanks. I did not realize the changes were only temporary.

What is the recommended way to permanently add a ban rule?

On CentOS 7, the default firewall is "firewalld", and you can configure it with "firewall-cmd". You can use it to add temporary or permanent rules. You can read the man page of that to learn how to view, add, modify or delete rules.

Personally though, I find firewalld to be cumbersome, so I remove it completely, and installed instead "iptables-services".

yum erase firewalld yum install iptables-services

Then, after adding your iptables rule(s), run:

iptables-save > /etc/sysconfig/iptables ip6tables-save > /etc/sysconfig/ip6tables

They'll be applied at boot.

Regards, Anand