On Saturday, 27 October 2018 20:29:54 Oleg Cherkasov wrote:
On 27.10.2018 18:07, Kenneth Porter wrote:
--On Saturday, October 27, 2018 4:19 PM +0200 Hans-Peter Jansen hpj@urpla.net wrote:
This might be interesting to be used within a fail2ban procedure later on.
While at it, what is the best practice to limit access to such a port like 15060/udp to a couple of sources?
Use an ipset rule. It's easy to add and remove lots of IP addresses without changing the firewall. fail2ban can also use ipsets within firewalld. I suggest asking on the fail2ban mailing list to see if someone has a suitable jail definition.
Honestly, I did not know firewalld has support for ipset. If so, then ipset is indeed the better way to handle malicious IPs. Here is the brief tutorial from firewalld:
Thank you, Kenneth and Oleg, for your hints.
Unfortunately, I still haven't figured out how to limit a certain service to a couple of source addresses; namely, I would like to accept connections on 15060/udp from internal and selected external sources only, e.g. 172.16.123.0/24 and 213.167.161.0/26. It might be possible with ipsets, but no example shows how to use that as a white list with the destination port requirement.
Any ideas?
TIA, Pete
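One way to build the white list asked about above, as an added example that is not part of this thread: a firewalld ipset holding the allowed networks, plus a rich rule that accepts 15060/udp only when the source is in that set. The set name sip_allow and the zone public are assumptions; the two networks are the ones named in the question.

```shell
#!/bin/sh
# Added example (not from the thread): restrict 15060/udp to sources listed
# in a firewalld ipset. Set FIREWALL_CMD=echo to dry-run and print the
# commands instead of applying them.
set -eu

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
SET_NAME="${SET_NAME:-sip_allow}"   # assumed set name
ZONE="${ZONE:-public}"              # assumed zone the port faces
PORT=15060
PROTO=udp

# Create the permanent set; hash:net accepts CIDR entries as well as hosts.
create_set() {
    "$FIREWALL_CMD" --permanent --new-ipset="$SET_NAME" --type=hash:net
}

# Add one network or host to the set.
add_source() {
    "$FIREWALL_CMD" --permanent --ipset="$SET_NAME" --add-entry="$1"
}

# Rich rule: accept the port only for sources in the set. Do NOT also open
# the port zone-wide with --add-port, or that allow would bypass the list.
# family=ipv4 only, since the networks in the question are IPv4.
add_rule() {
    "$FIREWALL_CMD" --permanent --zone="$ZONE" \
        --add-rich-rule="rule family=\"ipv4\" source ipset=\"$SET_NAME\" port port=\"$PORT\" protocol=\"$PROTO\" accept"
}

# Permanent changes take effect only after a reload.
apply() {
    "$FIREWALL_CMD" --reload
}

main() {
    create_set
    for net in 172.16.123.0/24 213.167.161.0/26; do
        add_source "$net"
    done
    add_rule
    apply
}

# Run as: sh whitelist-sip.sh apply   (sourcing the file only defines functions)
case "${1:-}" in
    apply) main ;;
esac
```

Sources outside the set then fall through to the zone's default handling, so the zone must not list the port or service elsewhere; check with `firewall-cmd --zone=public --list-all` after the reload.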