Thank you, I've gone in and made the listed changes and changed firewalld sections to use services instead of just port numbers.

--
Kimee

On Wed, 2019-04-24 at 17:05 -0700, Akemi Yagi wrote:
> On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model
> <kimee.i.model@xxxxxxxxx> wrote:
> >
> > Hi all,
> >
> > 1st time contributor here. I was using the guide on securing SSH, and
> > noticed that the firewall-cmd snippets for filtering by requests per
> > time seem somewhat outdated. From what I can tell, the given snippets
> > relay arguments directly down to iptables, and do not cover both IPv4
> > and v6 (and in fact when attempting to extend to v6 the firewall would
> > fail to reload). I came up with an "all firewall-cmd" solution which
> > I'd like to share.
> >
> > It boils down to using rich rules in firewalld instead of direct rules
> > for iptables. The code snippets in section 6 of
> > <https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to
> >
> > firewall-cmd --permanent --add-rich-rule='rule port port="22" protocol="tcp" accept limit value="4/m"'
> > firewall-cmd --permanent --remove-service ssh
> > firewall-cmd --permanent --remove-port 22/tcp
> > firewall-cmd --reload
> >
> > newly minted wiki username is "KimeeModel".
> >
> > Regards,
> > Kimee
>
> You should be able to edit that page. Let us know if you find any
> problem.
>
> Akemi
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos-docs
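
The thread mentions switching the firewalld rules from port numbers to services but shows only the port form. The script below is an added example, not taken from the thread or the wiki page, of what a service-based rate-limited rule can look like. The function names, the `DRY_RUN` switch, the service name `ssh` and the default zone are assumptions.

```shell
#!/bin/sh
# Added example: service-based variant of the rich rule quoted in the thread.
# Helper names and DRY_RUN are hypothetical, not part of firewalld.

# A firewalld limit value is a positive integer followed by /s, /m, /h or /d.
valid_rate() {
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*/[smhd]$'
}

# Build the rich rule text. Without a family= attribute the rule applies to
# both IPv4 and IPv6, which is the gap the thread describes in the direct rules.
ssh_limit_rule() {
    svc=$1
    rate=$2
    valid_rate "$rate" || { echo "bad rate: $rate" >&2; return 1; }
    printf 'rule service name="%s" accept limit value="%s"' "$svc" "$rate"
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
# The printed form is for review only; shell quoting is not preserved.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_ssh_limit() {
    svc=${1:-ssh}
    rule=$(ssh_limit_rule "$svc" "${2:-4/m}") || return 1
    run firewall-cmd --permanent --add-rich-rule="$rule" &&
    # A plain service entry accepts SSH with no limit, so connections over
    # the rate would still be let in by it; remove it as the thread does.
    run firewall-cmd --permanent --remove-service="$svc" &&
    run firewall-cmd --reload &&
    # Confirm that the rule is present in the runtime configuration.
    run firewall-cmd --list-rich-rules
}

# Dry run: show the commands that would be executed.
apply_ssh_limit ssh 4/m
```

The limit on a rich rule applies to the rule as a whole, not to each source address, so the rate covers all clients combined.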