[CentOS-docs] Contrib Request, SSH FirewallD

Mon Oct 30 03:06:34 UTC 2017
Casey Doyle <cdoyle at timelesslyprecise.com>


I would like permission to contribute information to the wiki...

Username: CaseyDoyle

To append an additional method for ssh blocking with firewallD:


Suggest to add the following info to its pertinent section:

6. Filter SSH at the Firewall

Complementary to the iptables method, there is firewall-cmd for newer systems
using FirewallD:

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
firewall-cmd --reload

Please advise.
Kind Regards,
Casey Doyle
Cdoyle at TimelesslyPrecise.com
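
Added example, not part of the original message: a check that the two direct rules proposed above are both in the permanent configuration and that the tracking (`--set`) rule has a lower priority number than the `--update` REJECT rule. The function name `check_ssh_ratelimit` and the sample input are constructed for illustration; the input format assumed is the one printed by `firewall-cmd --permanent --direct --get-all-rules`.

```shell
#!/bin/sh
# Audit firewalld direct rules for the SSH rate limit from the message above.
# Input lines: "<ipv> <table> <chain> <priority> <args...>"

# check_ssh_ratelimit: reads rules on stdin, prints a verdict and returns
#   0 (OK)         --set rule present, with lower priority than the REJECT rule
#   1 (MISSING)    one of the two rules is absent, so the limit is incomplete
#   2 (MISORDERED) both present, but not in the order given in the message
check_ssh_ratelimit() {
    awk '
        $1 == "ipv4" && $2 == "filter" && $3 == "INPUT_direct" &&
        /--dport 22 / && /-m recent / {
            # Tracking rule: records the source address, has no target.
            if (/ --set( |$)/ && !/ -j /) { set_prio = $4; have_set = 1 }
            # Enforcing rule: counts recent hits and rejects.
            if (/ --update / && / -j REJECT( |$)/) { upd_prio = $4; have_upd = 1 }
        }
        END {
            if (!have_set || !have_upd) { print "MISSING"; exit 1 }
            if (set_prio + 0 >= upd_prio + 0) { print "MISORDERED"; exit 2 }
            print "OK"
        }
    '
}

# Constructed sample: the two rules exactly as proposed in the message.
sample_good='ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset'

printf '%s\n' "$sample_good" | check_ssh_ratelimit

# On a live host, feed it the real configuration instead:
#   firewall-cmd --permanent --direct --get-all-rules | check_ssh_ratelimit
```

Because the check reads the permanent configuration, a passing result only reflects the running firewall after `firewall-cmd --reload`.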