On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model <kimee.i.model at gmail.com> wrote:
>
> Hi all,
>
> 1st time contributor here. I was using the guide on securing SSH, and
> noticed that the firewall-cmd snippets for filtering by requests per
> time seem somewhat outdated. From what I can tell, the given snippets
> relay arguments directly down to iptables, and do not cover both IPv4
> and v6 (and in fact when attempting to extend to v6 the firewall would
> fail to reload). I came up with an "all firewall-cmd" solution which
> I'd like to share.
>
> It boils down to using rich rules in firewalld instead of direct rules
> for iptables. The code snippets in section 6 of
> <https://wiki.centos.org/HowTos/Network/SecuringSSH> would be changed to
>
> firewall-cmd --permanent --add-rich-rule='rule port port="22" protocol="tcp" accept limit value="4/m"'
> firewall-cmd --permanent --remove-service ssh
> firewall-cmd --permanent --remove-port 22/tcp
> firewall-cmd --reload
>
> Newly minted wiki username is "KimeeModel".
>
> Regards,
> Kimee

You should be able to edit that page. Let us know if you find any problem.

Akemi
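A check for the change proposed in the quoted message, as an added example that is not part of the thread or of the CentOS wiki: it reads `firewall-cmd --list-all` output and reports whether the rate-limited rich rule is the only accept for 22/tcp. The function names and both sample outputs are constructed for illustration, and it assumes the service and port removals are there so that nothing else in the zone accepts SSH without the limit.

```shell
#!/bin/sh
# Added example: audits `firewall-cmd --list-all` text read from stdin.
# Assumption: service ssh and port 22/tcp are removed so that the
# rate-limited rich rule is the only accept for 22/tcp in the zone.
# Prints one finding per line; returns 0 only when the setup is complete.
audit_ssh_limit() {
    awk '
        /^[ \t]*services:/ { for (i = 2; i <= NF; i++) if ($i == "ssh") svc = 1 }
        /^[ \t]*ports:/    { for (i = 2; i <= NF; i++) if ($i == "22/tcp") port = 1 }
        /^[ \t]*rule / && /port="22"/ && /protocol="tcp"/ && /accept/ && /limit value=/ { lim = 1 }
        END {
            if (!lim) print "MISSING: no rate-limited rich rule for 22/tcp"
            if (svc)  print "UNLIMITED: service ssh is still enabled"
            if (port) print "UNLIMITED: port 22/tcp is still open"
            exit !(lim && !svc && !port)
        }'
}

# Constructed sample: rich rule added, but the two removals were skipped.
sample_partial() {
    printf '%s\n' 'public (active)' '  services: dhcpv6-client ssh' \
        '  ports: 22/tcp' '  rich rules: ' \
        '    rule port port="22" protocol="tcp" accept limit value="4/m"'
}

# Constructed sample: all four commands from the message applied.
sample_complete() {
    printf '%s\n' 'public (active)' '  services: dhcpv6-client' \
        '  ports: ' '  rich rules: ' \
        '    rule port port="22" protocol="tcp" accept limit value="4/m"'
}

# On a live host: firewall-cmd --list-all | audit_ssh_limit
sample_partial | audit_ssh_limit || echo "partial setup: SSH is reachable without the limit"
sample_complete | audit_ssh_limit && echo "complete setup: the limited rule is the only accept"
```

Because the commands in the message use `--permanent`, run the check on a live host after `firewall-cmd --reload`, or pass `--permanent` to `--list-all` to inspect the saved configuration.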