[CentOS-docs] Contrib Request, SSH FirewallD

Mon Oct 30 03:21:46 UTC 2017
Akemi Yagi <amyagi at gmail.com>

On Sun, Oct 29, 2017 at 8:06 PM, Casey Doyle <cdoyle at timelesslyprecise.com>
wrote:

> Hello,
>
> I would like permission to contribute information to the wiki...
>
> Username: CaseyDoyle
>
> To append an additional method for ssh blocking with firewallD:
>
> Page:
> https://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec
>
> Suggest to add the following info to its pertinent section:
>
> ------
> 6. Filter SSH at the Firewall
>
> Complementary to the iptables method, there is firewall-cmd for newer systems
> using FirewallD:
>
> firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp --dport 22 -m state --state NEW -m recent --set
> firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 1 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 4 -j REJECT --reject-with tcp-reset
> firewall-cmd --reload
> ------
>
> Please advise.
> Kind Regards,
> --
> Casey Doyle
>

You can edit the page now. Thanks for your contribution.

Akemi
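
Added example (not part of the original messages or of the wiki page): a simplified Python model of how the two direct rules quoted above treat NEW connections to tcp/22, run over a constructed list of attempts. The function name, sample addresses and timings are assumptions made for illustration.

```python
from collections import defaultdict

SECONDS = 30   # --seconds 30 (rule at priority 1)
HITCOUNT = 4   # --hitcount 4 (rule at priority 1)

def evaluate(attempts):
    """Return (time, source, verdict) for each NEW tcp/22 packet.

    attempts: (time_in_seconds, source_ip) tuples in arrival order.
    Simplified model: the kernel's per-address history limit is not modelled.
    """
    seen = defaultdict(list)  # source address -> timestamps in the recent list
    verdicts = []
    for now, src in attempts:
        # Priority 0: "-m recent --set" records the source; it has no -j target,
        # so the packet always continues to the next rule.
        seen[src].append(now)
        # Priority 1: "--update --seconds 30 --hitcount 4" matches when the
        # source has at least 4 entries within the last 30 seconds.
        hits = sum(1 for t in seen[src] if now - t <= SECONDS)
        if hits >= HITCOUNT:
            seen[src].append(now)  # --update refreshes "last seen" on a match
            verdicts.append((now, src, "REJECT"))  # tcp-reset sent to client
        else:
            # Not rejected here; the rest of the ruleset still decides.
            verdicts.append((now, src, "pass"))
    return verdicts

# Constructed sample: documentation-range addresses, times in seconds.
SAMPLE = [
    (0, "203.0.113.10"), (5, "203.0.113.10"), (10, "203.0.113.10"),
    (12, "198.51.100.7"),
    (15, "203.0.113.10"), (20, "203.0.113.10"),
    (50, "198.51.100.7"),
    (60, "203.0.113.10"),
]

if __name__ == "__main__":
    for now, src, verdict in evaluate(SAMPLE):
        print(f"t={now:>3}s  {src:<13}  {verdict}")
```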