Hi there,

Wouldn't that be a better solution to create a custom xml file to put in /etc/firewalld and load that "ssh-custom" service instead?

Thanks

On 26/04/2019, Kimberlee Integer Model <kimee.i.model at gmail.com> wrote:
> Thank you, I've gone in and made the listed changes, changed firewalld
> sections to use services instead of just port numbers.
>
> -- Kimee
>
>
> On Wed, 2019-04-24 at 17:05 -0700, Akemi Yagi wrote:
>> On Wed, Apr 24, 2019 at 12:13 AM Kimberlee Integer Model
>> <kimee.i.model at gmail.com> wrote:
>> >
>> > Hi all,
>> >
>> > 1st time contributor here. I was using the guide on securing SSH, and
>> > noticed that the firewall-cmd snippets for filtering by requests per
>> > time seem somewhat outdated. From what I can tell the given snippets
>> > relay arguments directly down to iptables, and do not cover both IPv4
>> > and v6 (and in fact when attempting to extend to v6 the firewall would
>> > fail to reload). I came up with an "all firewall-cmd" solution which
>> > I'd like to share.
>> >
>> > It boils down to using rich rules in firewalld instead of direct rules
>> > for iptables. The code snippets in section 6 of
>> > <https://wiki.centos.org/HowTos/Network/SecuringSSH> would be
>> > changed to
>> >
>> > firewall-cmd --permanent --add-rich-rule='rule port port="22" protocol="tcp" accept limit value="4/m"'
>> > firewall-cmd --permanent --remove-service ssh
>> > firewall-cmd --permanent --remove-port 22/tcp
>> > firewall-cmd --reload
>> >
>> > newly minted wiki username is "KimeeModel".
>> >
>> > Regards,
>> > Kimee
>>
>> You should be able to edit that page. Let us know if you find any
>> problem.
>>
>> Akemi
>> _______________________________________________
>> CentOS-docs mailing list
>> CentOS-docs at centos.org
>> https://lists.centos.org/mailman/listinfo/centos-docs
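
The custom-service idea from the reply combined with the rate-limited rich rule from the quoted post, as an added example that is not part of the thread or the wiki page. The port 2222, the function names and the `apply` argument are assumptions made for illustration; the service name and the 4/m rate come from the messages above.

```shell
#!/bin/sh
# Added example, not from the thread. SVC is the name used in the reply;
# the port passed to write_service is an assumed, site-specific value.
SVC=ssh-custom

# Write a firewalld service definition for sshd on a custom TCP port.
# $1 = target directory (normally /etc/firewalld/services), $2 = port
write_service() {
    dir=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1; }
    cat > "$dir/$SVC.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$SVC</short>
  <description>sshd on a non-default port</description>
  <port protocol="tcp" port="$port"/>
</service>
EOF
}

# Build the rich rule: accept connections to the service, rate limited.
# No family= is given, so the rule covers both IPv4 and IPv6.
# $1 = rate, e.g. 4/m
rich_rule() {
    printf 'rule service name="%s" accept limit value="%s"' "$SVC" "$1"
}

# Touch the live firewall only when asked: sh ssh-custom.sh apply 2222 4/m
if [ "${1:-}" = apply ]; then
    write_service /etc/firewalld/services "${2:-2222}" || exit 1
    firewall-cmd --reload    # load the new service definition
    firewall-cmd --permanent --add-rich-rule="$(rich_rule "${3:-4/m}")"
    # Drop the unlimited accept, as in the quoted post.
    firewall-cmd --permanent --remove-service ssh
    firewall-cmd --reload
fi
```

Afterwards, `firewall-cmd --list-rich-rules` should show the rule, and `firewall-cmd --list-services` should no longer list `ssh`.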