Re: firewalld configuration for securing SSH


On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model
<kimee.i.model@xxxxxxxxx> wrote:
>
> Hi all,
>
> 1st time contributor here. I was using the guide on securing SSH, and
> noticed that the firewall-cmd snippets for filtering by requests per
> time seem somewhat outdated. From what I can tell, the given snippets
> relay arguments directly down to iptables and do not cover both IPv4
> and v6 (and in fact, when attempting to extend to v6, the firewall would
> fail to reload). I came up with an "all firewall-cmd" solution which
> I'd like to share.
>
> It boils down to using rich rules in firewalld instead of direct rules
> for iptables. The code snippets in section 6 of
> <https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to
>
> firewall-cmd --permanent --add-rich-rule='rule port port="22"
> protocol="tcp" accept limit value="4/m"'
> firewall-cmd --permanent --remove-service ssh
> firewall-cmd --permanent --remove-port 22/tcp
> firewall-cmd --reload
>
> Newly minted wiki username is "KimeeModel".
>
> Regards,
> Kimee

You should be able to edit that page. Let us know if you find any problem.

Akemi
_______________________________________________
CentOS-docs mailing list
CentOS-docs@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos-docs
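
A check for the end state the four commands in the quoted message aim for, as an added example that is not part of the thread or the wiki page: the rate limit only holds if the `ssh` service and the plain `22/tcp` port are gone, and a rule without `family=` covers both IPv4 and IPv6. The function names and the `firewall-cmd --list-all` sample text are constructed for illustration, and the listing format is assumed to match what firewalld prints.

```shell
#!/bin/sh
# Added example. Reads `firewall-cmd --list-all` text on stdin and returns 0
# only if 22/tcp is reachable solely through a rate-limited rich rule.
audit_ssh_limit() {
    awk '
        /^[ \t]*services:/ { for (i = 2; i <= NF; i++) if ($i == "ssh") svc = 1 }
        /^[ \t]*ports:/    { for (i = 2; i <= NF; i++) if ($i == "22/tcp") port = 1 }
        /^[ \t]*rule / && /port="22"/ && /protocol="tcp"/ && /accept/ {
            if ($0 !~ /accept limit value="[^"]+"/) { unlimited = 1; next }
            if ($0 !~ /family="ipv6"/) v4 = 1   # no family= covers both
            if ($0 !~ /family="ipv4"/) v6 = 1
        }
        END {
            if (svc)       print "FAIL: service ssh still enabled, bypasses the limit"
            if (port)      print "FAIL: port 22/tcp still open, bypasses the limit"
            if (unlimited) print "FAIL: a rich rule accepts 22/tcp without a limit"
            if (!v4)       print "FAIL: no rate-limited accept for 22/tcp on IPv4"
            if (!v6)       print "FAIL: no rate-limited accept for 22/tcp on IPv6"
            bad = (svc || port || unlimited || !v4 || !v6) ? 1 : 0
            if (!bad) print "OK: 22/tcp only reachable via the rate-limited rule"
            exit bad
        }'
}

# Constructed sample: rich rule added, but ssh service and port left in place.
sample_incomplete() {
    cat <<'EOF'
public (active)
  services: dhcpv6-client ssh
  ports: 22/tcp
  source-ports:
  rich rules:
    rule port port="22" protocol="tcp" accept limit value="4/m"
EOF
}

# Constructed sample: state after all four commands from the message.
sample_complete() {
    cat <<'EOF'
public (active)
  services: dhcpv6-client
  ports:
  source-ports:
  rich rules:
    rule port port="22" protocol="tcp" accept limit value="4/m"
EOF
}

sample_complete | audit_ssh_limit
```

On a live host the input would come from `firewall-cmd --list-all | audit_ssh_limit`, run after `firewall-cmd --reload` so the runtime configuration matches the permanent one.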
