[TOP TIP] firewalld IP blacklist with timeout!
The solution comes with the 'ipset' package that allows you to create lists with a auto-expunge timeout, once the timer hits zero the IP address is automatically unlisted, thus there is no reason for you to manually monitor the list.
On CentOS 7 you can install ipset via: yum install ipset
On Ubuntu you can install ipset via: apt-get install ipset
First, we need to create a blacklist. You may create as many as you want, based on your needs. For example you may have a blacklist with a timeout of 1 day and another blacklist with a timeout of 1 month.
Here is how to create an ipv4 list, with an initial hash size of 4096 and a 1-month timeout:
# ipset create blacklist hash:ip family inet hashsize 4096 timeout 4294967
Next step, is to tell the firewall (netfilter) via firewalld to block this list:
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -m set --match-set blacklist src -j DROP
# firewall-cmd --reload
Setup is over, now we can block IP addresses via the following command:
# ipset add blacklist 192.168.1.193
and unblock them via:
# ipset del blacklist 192.168.1.193
One last thing of note. The firewalld rule will attach itself to the INPUT_direct chain. That means if a connection to an IP address has ALREADY been established, the rule will not match. Of course new connections will all fail, but I think its worth mentioning this in case you are wondering why some XYZ IP seems to be active even after banning it.
Be happy