I'm currently not sure why you don't try it with the firewall groups, but if you want to stay on the console/SSH you can also try it with firewall.local and a blacklist.
If it is not a huge one (a few dozen) you can try it with a loop and a separate blacklist. As an idea →
firewall.local
    #!/bin/sh
    # Used for private firewall rules
    IPT="/sbin/iptables"
    BLACKLIST="/etc/sysconfig/gamer_blacklist"

    # See how we were called.
    case "$1" in
        start)
            ## add your 'start' rules here
            # Block gamer blacklist: one IP (or CIDR range) per line;
            # blank lines and lines starting with '#' are skipped.
            [ -r "${BLACKLIST}" ] || exit 0
            while read -r i; do
                case "${i}" in ""|\#*) continue ;; esac
                ${IPT} -A CUSTOMFORWARD -d "${i}" -j REJECT
                ${IPT} -A CUSTOMOUTPUT -d "${i}" -j REJECT
            done < "${BLACKLIST}"
            ;;
        stop)
            ## add your 'stop' rules here
            # Remove the gamer blacklist rules again by flushing both chains
            ${IPT} -F CUSTOMFORWARD
            ${IPT} -F CUSTOMOUTPUT
            ;;
        reload)
            $0 stop
            $0 start
            ## add your 'reload' rules here
            ;;
        *)
            echo "Usage: $0 {start|stop|reload}"
            ;;
    esac
and a blacklist under e.g. '/etc/sysconfig/gamer_blacklist'. The format should be one entry per line, e.g.
135.148.137.xxx
23.227.170.xxx
208.167.243.xxx
192.223.29.xxx
94.23.156.xxx
74.91.124.xx
192.99.5.xx
74.91.125.xxx
31.133.1.xxx
After editing you can reload firewall.local with
/etc/sysconfig/firewall.local reload
and your rules (every IP has its own rule entry) should be viewable with
iptables -L
with name resolution, but also in the WUI → Firewall → iptables; check under CUSTOMFORWARD and/or CUSTOMOUTPUT.
Also, a ping to a blocked IP should deliver 'Destination Port Unreachable ping: sendmsg: Operation not permitted'.
Just a first idea.
Best,
Erik
P.S.: There is also another topic → Custom rule for ip blacklist firewall.local, which is a little similar but also has some other ideas.
Link to firewall.local wiki → www.ipfire.org - firewall.local
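An added example, not part of Erik's post above and not IPFire code: every line of the blacklist ends up verbatim as an argument to iptables, so a typo, a hostname or a stray "-j ACCEPT" in the file only shows up when the reload runs. The script below checks each entry for dotted-quad IPv4 (optionally with a /0-32 prefix), skips comments, blank lines and CRLF line endings, and prints the rule pairs that firewall.local would add, so you can review them before reloading. The chain names CUSTOMFORWARD/CUSTOMOUTPUT and the path /etc/sysconfig/gamer_blacklist are taken from the post; the function names, the dry-run output and the sample list are mine.

```shell
#!/bin/sh
# Added example (not from the post or from IPFire): validate a blacklist
# file before firewall.local hands its lines to iptables, and print the
# rules that would be added. Assumptions: CUSTOMFORWARD/CUSTOMOUTPUT chains
# and the blacklist path as in the post; functions and output are mine.

IPT=${IPT:-/sbin/iptables}

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix,
# 1 for anything else (hostnames, octets > 255, stray options, empty input).
valid_ipv4_cidr() {
    addr=${1%%/*}               # part before the first slash
    prefix=${1#"$addr"}         # "" or "/N"
    case "$prefix" in
        "") ;;
        /*/*|/|/*[!0-9]*) return 1 ;;                  # two slashes, bare or non-numeric prefix
        *) [ "${prefix#/}" -le 32 ] || return 1 ;;
    esac
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;              # non-digits or an empty octet
        *.*.*.*.*) return 1 ;;                         # more than three dots
        *.*.*.*) ;;                                    # exactly three dots
        *) return 1 ;;
    esac
    rest="$addr."
    while [ -n "$rest" ]; do                           # check every octet <= 255
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read the blacklist $1 (one entry per line, '#' comments and blank lines
# ignored, CRLF tolerated) and print the iptables commands firewall.local
# would run, one pair per valid entry. Invalid lines go to stderr and make
# the function return 1, so a reload can be refused before touching iptables.
build_blacklist_rules() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                                # drop trailing comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')    # drop whitespace and CR
        [ -z "$entry" ] && continue
        if valid_ipv4_cidr "$entry"; then
            echo "$IPT -A CUSTOMFORWARD -d $entry -j REJECT"
            echo "$IPT -A CUSTOMOUTPUT -d $entry -j REJECT"
        else
            echo "skipping invalid blacklist entry: '$line'" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# Usage: sh check_blacklist.sh [/etc/sysconfig/gamer_blacklist]
# Without an argument a constructed sample list (not real addresses) is used.
if [ $# -gt 0 ]; then
    build_blacklist_rules "$1" || echo "blacklist has bad lines, do not reload" >&2
else
    sample=$(mktemp)
    printf '# constructed sample\n192.0.2.1\n198.51.100.0/24   # a range\nnot-an-ip\n' > "$sample"
    build_blacklist_rules "$sample" || echo "blacklist has bad lines, do not reload" >&2
    rm -f "$sample"
fi
```

Run it against the real file before `/etc/sysconfig/firewall.local reload`; a non-zero exit means at least one line would have produced a broken or unintended iptables rule.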