Re: firewalld configuration for securing SSH

Kimee,
Using "--add-rich-rule" does help, thanks for sharing!

Xlord

-----Original Message-----
From: CentOS-docs [mailto:centos-docs-bounces@xxxxxxxxxx] On Behalf Of
Kimberlee Integer Model
Sent: Wednesday, 24 April 2019 3:14 PM
To: centos-docs@xxxxxxxxxx
Subject:  firewalld configuration for securing SSH

Hi all,

1st time contributor here. I was using the guide on securing SSH, and
noticed that the firewall-cmd snippets for filtering by requests per
time seem somewhat outdated. From what I can tell, the given snippets
relay arguments directly down to iptables and do not cover both IPv4
and v6 (and in fact, when attempting to extend to v6, the firewall would
fail to reload). I came up with an "all firewall-cmd" solution which
I'd like to share.

It boils down to using rich rules in firewalld instead of direct rules
for iptables. The code snippets in section 6 of
<https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to

firewall-cmd --permanent --add-rich-rule='rule port port="22" protocol="tcp" accept limit value="4/m"'
firewall-cmd --permanent --remove-service ssh
firewall-cmd --permanent --remove-port 22/tcp
firewall-cmd --reload

newly minted wiki username is "KimeeModel".

Regards,
Kimee

_______________________________________________
CentOS-docs mailing list
CentOS-docs@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-docs
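
One way to check the result of the commands in the message above, as an added example that is not part of the original thread: the function reads `firewall-cmd --list-all` output on stdin and passes only if 22/tcp is accepted solely through a rate-limited rich rule covering both IPv4 and IPv6. The function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --list-all` output read on stdin.
# Returns 0 only if 22/tcp is accepted solely by a rate-limited rich rule
# that covers both IPv4 and IPv6. check_ssh_ratelimit is a hypothetical name.
check_ssh_ratelimit() {
    awk '
        # A leftover service or port entry accepts SSH with no limit at all.
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "ssh") svc = 1 }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) if ($i == "22/tcp") port = 1 }
        $1 == "rich" && $2 == "rules:" { in_rich = 1; next }
        in_rich && $1 == "rule" && /port port="22"/ && /protocol="tcp"/ && / accept/ {
            if ($0 !~ /limit value="[0-9]+\/[smhd]"/) { unlimited = 1; next }
            # A rich rule with no family= applies to both IPv4 and IPv6.
            if (/family="ipv4"/) { v4 = 1 }
            else if (/family="ipv6"/) { v6 = 1 }
            else { v4 = 1; v6 = 1 }
        }
        END {
            if (svc)       { print "FAIL: service ssh is still enabled"; bad = 1 }
            if (port)      { print "FAIL: port 22/tcp is still open"; bad = 1 }
            if (unlimited) { print "FAIL: rich rule accepts 22/tcp without a limit"; bad = 1 }
            if (!(v4 && v6)) {
                print "FAIL: no rate-limited rich rule covers both IPv4 and IPv6"; bad = 1
            }
            if (!bad) print "OK: 22/tcp is accepted only through a rate-limited rich rule"
            exit bad + 0
        }
    '
}

# Constructed sample of `firewall-cmd --list-all` after applying the commands.
SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client
  ports:
  rich rules:
    rule port port="22" protocol="tcp" accept limit value="4/m"'

printf '%s\n' "$SAMPLE" | check_ssh_ratelimit
```

On a live host, pipe the real output in: `firewall-cmd --list-all | check_ssh_ratelimit`.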
