On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
My current configuration is:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: http https ssh
"ssh" here conflicts with your rich rule below. Here "ssh" is
_always_
accepted. The rich rule will limit as intended, but that's not useful if
you have "ssh" in service as well, because it always accepts (i.e. no
limit).
ports: 990/tcp 40000-50000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule service name="ssh" accept limit value="1/m"
Any rich rules that improve protection?