I saw that: #firewall-cmd --panic-on
can block all connections.
But this method applies only to the runtime. It cannot be used permanently even after reboot. Is there a command to do this?
The command, or the two commands, should apply to both the current and subsequent sessions, until you issue the opposite command (on/off), like two switches that turn on and off the passage of data.
Let me explain better what I want to do. I have a QEMU virtual machine connected through the br0 bridge. I would like to make only this VM browse the internet and I want to isolate the host. I can do it with --panic-on on the host. But I don’t know if it is correct.
I don’t technically know how to do it. When I start the session the connection on the host is already there and it is also there on the VM. How do I remove the IP address from the host? And then I have to have the ability to connect sometimes anyway. I have to be able to go back.
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j DROP
As I explained above, I simply want to close the outgoing connection as well as the incoming connection. The incoming one is already kept closed by the firewall. Now I wanted to add a rule like the one I wrote above, which I found in an old discussion. But I don't know, for example, how to delete it afterwards so I can connect if I want to connect. I have read some of the firewalld documentation, but maybe for you it is enough to just go and read and then you already know how to do things. Not for me. Most of the concepts are abstract. And it is precisely because of this difficulty, which evidently I am not the only one to have found, that they created ufw and gufw.
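
The on/off switch pair asked about above, as an added example that is not part of the original post: it adds or removes the quoted direct rule in the permanent configuration and reloads firewalld so the change also applies to the current session. The names FWCMD, RULE, rule_present and host_isolation are invented for this example; run it as root.

```shell
#!/bin/sh
# Added example: persistent switch for the host's own outgoing IPv4 traffic.
# FWCMD is a hypothetical override so the script can be exercised with a stub.
FWCMD="${FWCMD:-firewall-cmd}"

# The exact rule from the post. --remove-rule must be given the same table,
# chain, priority and arguments that --add-rule was given.
# OUTPUT only matches packets the host itself generates (loopback included);
# IPv6 would need the same rule with "ipv6" in place of "ipv4".
RULE="ipv4 filter OUTPUT 1 -j DROP"

rule_present() {
    # --query-rule exits 0 when the rule is in the permanent configuration
    $FWCMD --permanent --direct --query-rule $RULE >/dev/null 2>&1
}

host_isolation() {
    case "$1" in
        on)
            # Add only if missing, so repeated calls are harmless
            rule_present || $FWCMD --permanent --direct --add-rule $RULE || return 1
            ;;
        off)
            if rule_present; then
                $FWCMD --permanent --direct --remove-rule $RULE || return 1
            fi
            ;;
        status)
            if rule_present; then echo "isolated"; else echo "connected"; fi
            return 0
            ;;
        *)
            echo "usage: host_isolation on|off|status" >&2
            return 2
            ;;
    esac
    # Load the permanent configuration into the running firewall, so the
    # change holds for this session and after a reboot. A reload discards
    # runtime-only changes made without --permanent.
    $FWCMD --reload
}
```

Source the file, then call `host_isolation on`, `host_isolation off` or `host_isolation status`.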