[CentOS-docs] firewalld configuration for securing SSH

Kimberlee Integer Model kimee.i.model at gmail.com
Fri Apr 26 17:22:20 UTC 2019


Thank you, I've gone in and made the listed changes changed firewalld
sections to use services instead of just port numbers.

-- Kimee


On Wed, 2019-04-24 at 17:05 -0700, Akemi Yagi wrote:
> On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model
> <kimee.i.model at gmail.com> wrote:
> > 
> > HI all,
> > 
> > 1st time contributor here. I was using the guide on securing SSH,
> > and
> > noticed that the firewall-cmd snippets for filtering by requests
> > per
> > time seem somewhat outdated. From what I can tell the given
> > snippets,
> > relay arguments directly down to iptables, and do not cover both
> > IPv4
> > and v6. (and in fact when attempting to extend to v6 the firewall
> > would
> > fail to reload). I came up with an "all firewall-cmd" solution
> > which
> > I'd like to share.
> > 
> > It boils down to using rich rules in firewalld instead of direct
> > rules
> > for iptables. The code snippets in section 6 of <
> > https://wiki.centos.org/HowTos/Network/SecuringSSH>; would be
> > changed to
> > 
> > firewall-cmd --permanent --add-rich-rule='rule port port="22"
> > protocol="tcp" accept limit value="4/m"'
> > firewall-cmd --permanent --remove-service ssh
> > firewall-cmd --permanent --remove-port 22/tcp
> > firewall-cmd --reload
> > 
> > newly minted wiki username is "KimeeModel".
> > 
> > Regards,
> > Kimee
> 
> You should be able to edit that page. Let us know if you find any
> problem.
> 
> Akemi
> _______________________________________________
> CentOS-docs mailing list
> CentOS-docs at centos.org
> https://lists.centos.org/mailman/listinfo/centos-docs



More information about the CentOS-docs mailing list