Thank you.If I remove "SSH" from services section then no security problem? The
rich rule protecting my service?
On Monday, October 12, 2020, 04:51:55 PM GMT+3:30, Eric Garver
On Sat, Oct 10, 2020 at 09:43:01AM +0000, Jason Long wrote:
Then, I must remove "SSH" from services section
and open port 22?
No. That's already done with the rich rule.
On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <egarver(a)redhat.com>
On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
> My current configuration is:
> public (active)
>Â target: default
>Â icmp-block-inversion: no
>Â interfaces: ens192
>Â services: http https ssh
"ssh" here conflicts with your rich rule below. Here "ssh" is
accepted. The rich rule will limit as intended, but that's not useful if
you have "ssh" in service as well, because it always accepts (i.e. no
>Â ports: 990/tcp 40000-50000/tcp
>Â masquerade: no
>Â rich rules:
> Â Â Â rule service name="ssh" accept limit value="1/m"
> Any rich rules that improve protection?
firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines