[CentOS] Switching from lokkit (iptables) to firewalld

Tue Feb 4 02:22:17 UTC 2020
Thomas Stephen Lee <lee.iitb at gmail.com>

On Tue, Feb 4, 2020 at 5:34 AM Jerry Geis <jerry.geis at gmail.com> wrote:

> Hi All,
> Over the last 20 some years I have a file with about 200K worth of addresses
> that have "wrongly" tried to connect to my boxes running CentOS.  So the
> file has one line per address or group of addresses like:
> So using the OLD iptables I would run through my file, build the
> iptables.txt file and start that with DROP for the IP address. iptables ran
> through the big list in no time.
> I was trying to run a script to go through each line and run:
>  firewall-cmd --zone=drop --add-source="$ipblock" --permanent
> but this takes a long time.
> What is a "better" way or more efficient way to keep my long list of bad
> addresses and apply them?  Thanks,
> Jerry


If you are using CentOS 7, you can use ipset.

You can add all your IPs and IP ranges to an ipset and do operations on it.


The same should have worked for CentOS 8 except for this,
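A worked example of the approach suggested above (bulk-loading the list into one ipset and pointing the drop zone at it, instead of one firewall-cmd --add-source call per line). This is an added example, not code from the thread or from the firewalld project. It assumes the blocklist file holds one IPv4 address or CIDR block per line, with optional '#' comments and blank lines, and that the set is named "blocklist"; the firewall-cmd and ipset invocations only run from the apply/restore subcommands, so the parsing part can be tried anywhere.

```shell
#!/bin/sh
# Added example (not from the original thread): bulk-load a large IPv4
# blocklist into a firewalld ipset, or emit an 'ipset restore' script.
# Assumptions: one address or CIDR block per line, '#' comments allowed,
# set name "blocklist" unless overridden, list sizes beyond the default
# maxelem of 65536.
set -eu

# Normalise the raw list: drop comments and blank lines, trim whitespace,
# keep only syntactically valid IPv4 addresses or CIDR blocks (octets < 256,
# prefix 0-32) and de-duplicate. Prints cleaned entries, one per line.
normalize_blocklist() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
    | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' \
    | awk -F'[./]' '$1<256 && $2<256 && $3<256 && $4<256' \
    | LC_ALL=C sort -u
}

# Number of usable entries in the list (handy for sizing maxelem).
count_entries() {
    normalize_blocklist "$1" | wc -l | tr -d ' '
}

# Plain-ipset route (CentOS 7 without firewalld managing the set): emit an
# 'ipset restore' script, which loads hundreds of thousands of entries in
# one pass. hash:net accepts both single addresses and CIDR blocks.
ipset_restore_script() {
    set_name=$1
    listfile=$2
    printf 'create %s hash:net family inet hashsize 65536 maxelem 524288\n' "$set_name"
    normalize_blocklist "$listfile" | awk -v s="$set_name" '{ print "add " s " " $0 }'
}

# firewalld route: create the set once, add every entry from a file in a
# single call, and bind the whole set to the drop zone as one source.
apply_blocklist() {
    set_name=$1
    listfile=$2
    tmp=$(mktemp)
    normalize_blocklist "$listfile" > "$tmp"
    # Create the set only if it does not already exist in the permanent config.
    if ! firewall-cmd --permanent --info-ipset="$set_name" >/dev/null 2>&1; then
        firewall-cmd --permanent --new-ipset="$set_name" --type=hash:net \
            --option=family=inet --option=maxelem=524288
    fi
    # One call for the whole file instead of one --add-source per address.
    firewall-cmd --permanent --ipset="$set_name" --add-entries-from-file="$tmp"
    firewall-cmd --permanent --zone=drop --add-source="ipset:$set_name"
    firewall-cmd --reload
    rm -f "$tmp"
}

# Usage: script apply [setname] listfile   -> load into firewalld
#        script restore [setname] listfile -> print ipset restore script
# With no arguments only the functions are defined (safe to source).
case "${1:-}" in
    apply)   apply_blocklist "${2:-blocklist}" "${3:?blocklist file}" ;;
    restore) ipset_restore_script "${2:-blocklist}" "${3:?blocklist file}" ;;
    "")      ;;
    *)       echo "usage: $0 {apply|restore} [setname] listfile" >&2; exit 2 ;;
esac
```

Two caveats worth checking before running it against a real list: hash:net takes single addresses and CIDR blocks but not arbitrary "a-b" ranges, so any range lines in the file need converting first, and the default ipset maxelem is 65536, so a 200K-entry list silently needs the larger maxelem shown above (firewall-cmd passes it through with --option). For the plain-ipset route, load the generated script with `ipset -exist restore < blocklist.restore` so reruns do not fail on entries already present, then reference the set from iptables with `-m set --match-set blocklist src -j DROP`.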