On Saturday, 27 October 2018 20:29:54 Oleg Cherkasov wrote:
> On 27.10.2018 18:07, Kenneth Porter wrote:
>> --On Saturday, October 27, 2018 4:19 PM +0200 Hans-Peter Jansen
>> <hpj(a)urpla.net> wrote:
>>
>>> This might be interesting to be used within a fail2ban procedure later
>>> on.
>>>
>>> While at it, what is the best practice to limit access to such a port
>>> like 15060/udp to a couple of sources?
>>
>> Use an ipset rule. It's easy to add and remove lots of IP addresses
>> without changing the firewall. fail2ban can also use ipsets within
>> firewalld. I suggest asking on the fail2ban mailing list to see if
>> someone has a suitable jail definition.
>
> Honestly I did not know firewalld has support for ipset. If so then
> ipset is indeed the better way to handle malicious IPs. Here is the brief
> tutorial from firewalld:
> https://firewalld.org/2015/12/ipset-support

Thank you, Kenneth and Oleg, for your hints.
Unfortunately, I still haven't figured out how to limit a certain service to
a couple of source addresses, namely I would like to accept connections on
15060/udp from internal and selected external sources only, e.g.
172.16.123.0/24 and 213.167.161.0/26. It might be possible with ipsets, but no
example shows how to use that as a whitelist with the destination port
requirement.
Any ideas?
TIA,
Pete
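One way to do what Pete asks for, as an added example that is not from the thread or from the firewalld project: put the two source networks into a firewalld ipset and add a single rich rule that accepts 15060/udp only from that set, while leaving the port closed zone-wide. The ipset name sip-peers and the zone public are assumptions; the script prints the firewall-cmd calls by default and only runs them when invoked with "apply".

```shell
#!/bin/sh
# Constructed example: whitelist 15060/udp for two source networks with a
# firewalld ipset plus one rich rule. Ipset name and zone are assumptions.
IPSET_NAME="sip-peers"
ZONE="public"
PORT="15060"
PROTO="udp"
ALLOWED_NETS="172.16.123.0/24 213.167.161.0/26"

# The rich rule accepts PROTO/PORT only when the source is in the ipset.
# Everything else falls through to the zone's default (reject in "public"),
# provided 15060/udp is NOT also opened with --add-port, which would accept
# every source regardless of this rule.
rich_rule() {
    printf 'rule family="ipv4" source ipset="%s" port port="%s" protocol="%s" accept' \
        "$IPSET_NAME" "$PORT" "$PROTO"
}

# Emit the firewall-cmd invocations one per line so they can be reviewed
# (or piped to sh) before the running firewall is touched.
plan() {
    echo "firewall-cmd --permanent --new-ipset=$IPSET_NAME --type=hash:net"
    for net in $ALLOWED_NETS; do
        echo "firewall-cmd --permanent --ipset=$IPSET_NAME --add-entry=$net"
    done
    echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='$(rich_rule)'"
    echo "firewall-cmd --reload"
}

# Post-reload checks: the port must not be open zone-wide, the set must hold
# both networks, and the rich rule must be present in the zone.
verify() {
    echo "firewall-cmd --zone=$ZONE --query-port=$PORT/$PROTO   # expect: no"
    echo "firewall-cmd --ipset=$IPSET_NAME --get-entries"
    echo "firewall-cmd --zone=$ZONE --list-rich-rules"
}

# Print the plan and the checks by default; execute them only with "apply".
case "${1:-}" in
    apply) plan | sh -e; verify | sh ;;
    *)     plan; echo; verify ;;
esac
```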