Hello,
I would like permission to contribute information to the wiki...
Username: CaseyDoyle
To append an additional method for ssh blocking with firewallD:
Page:
Suggest to add the following info to it pertinent section:
------
6. Filter SSH at the Firewall
complementary to iptables method, there is firewall-cmd for newer systems using FirewallD:
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
firewall-cmd --reload
------
Please advise.
Kind Regards,
-- Casey Doyle
617-903-8254
Cdoyle@xxxxxxxxxxxxxxxxxxxxx
Please consider the environment before printing this e-mail
***
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
***
617-903-8254
Cdoyle@xxxxxxxxxxxxxxxxxxxxx
Please consider the environment before printing this e-mail
***
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
***
_______________________________________________ CentOS-docs mailing list CentOS-docs@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos-docs
