Block ip outside my range with firewallD

I have a server with firewallD on my home network.

My internet router sits at 192.168.1.1

My server external interface uses 192.168.1.70

My internal networks are 192.168.0.0/24 and 192.168.2.0/24 (this last one is offline right now)

The thing is, I was searching for some IP cameras that I was testing, and running fping I found some oddities in my network:

techmago@gw ~ $ fping -A -a -q -g -a -i 10 -r 0 192.168.0.0/16
192.168.0.1
192.168.0.254
192.168.1.1
192.168.1.70
192.168.2.1
192.168.8.34
192.168.60.5
192.168.60.9
192.168.60.7
192.168.60.11
192.168.150.1

The IPs from networks 8, 60 and 150 are outside my range and they even respond to ping!
192.168.150.1 in particular seems to be a CISCO router...
Traceroute to these guys shows they are outside my network.

This looks like some odd role on my ISP side. To be extra sure, I wanted to block in my firewall (firewalld) any incoming IPs that are outside my range.

Something in the likes of:

iptables -A INPUT --src 192.168.1.1/24 -j ACCEPT -i eth0
iptables -A INPUT --src 192.168.150.1/16 -j DROP -i eth0

How can I achieve this? Is there a better approach?

asked Feb 26 at 14:56
Techmago

  • Since you are using firewalld, look at using zones and the firewall-cmd command.
    – Raman Sailopal
    Feb 26 at 15:12
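
One way to follow the zones suggestion, as an added example that is not part of the original question or comment: firewalld matches source-bound zones before interface zones, so the script below works out which parts of the scanned 192.168.0.0/16 are not the asker's networks and prints the firewall-cmd calls that bind those blocks to the predefined drop zone. It assumes the three networks named in the question are the only ones to keep; the function names are made up for this example.

```python
import ipaddress

# From the question: the asker's own networks and the range given to fping.
OWN_NETWORKS = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"]
SCANNED_RANGE = "192.168.0.0/16"
# Hosts that answered fping in the question.
FPING_HOSTS = ("192.168.0.1 192.168.0.254 192.168.1.1 192.168.1.70 192.168.2.1 "
               "192.168.8.34 192.168.60.5 192.168.60.9 192.168.60.7 "
               "192.168.60.11 192.168.150.1").split()


def foreign_blocks(scanned=SCANNED_RANGE, own=OWN_NETWORKS):
    """CIDR blocks of `scanned` that are not covered by any network in `own`."""
    remaining = [ipaddress.ip_network(scanned)]
    for net in map(ipaddress.ip_network, own):
        kept = []
        for block in remaining:
            if net.subnet_of(block):
                # Split the block around the owned network, keep the rest.
                kept.extend(block.address_exclude(net))
            elif not block.subnet_of(net):
                kept.append(block)  # no overlap, keep unchanged
        remaining = kept
    return sorted(remaining)


def outside_hosts(hosts=FPING_HOSTS, own=OWN_NETWORKS):
    """Responding hosts that fall outside every owned network."""
    nets = [ipaddress.ip_network(n) for n in own]
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]


def firewalld_commands(blocks):
    """Bind each foreign block to the predefined 'drop' zone, then reload."""
    cmds = [f"firewall-cmd --permanent --zone=drop --add-source={b}"
            for b in blocks]
    return cmds + ["firewall-cmd --reload"]


if __name__ == "__main__":
    print("outside own ranges:", ", ".join(outside_hosts()))
    print("\n".join(firewalld_commands(foreign_blocks())))
```

Source bindings apply on every interface, which is why the two internal networks are kept out of the drop list. Replies to connections the server itself opens are still accepted by firewalld's connection tracking, so this stops new inbound traffic from those ranges.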















