Thank you. If I remove "SSH" from the services section, then there is no security problem? Is the
rich rule protecting my service?
On Monday, October 12, 2020, 04:51:55 PM GMT+3:30, Eric Garver
<egarver(a)redhat.com> wrote:
On Sat, Oct 10, 2020 at 09:43:01AM +0000, Jason Long wrote:
> Thank you.
> Then, I must remove "SSH" from services section
Yes.
> and open port 22?
No. That's already done with the rich rule.
On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <egarver(a)redhat.com>
wrote:
On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
> My current configuration is:
>
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: ens192
>   sources:
>   services: http https ssh
"ssh" here conflicts with your rich rule below. Here "ssh" is _always_
accepted. The rich rule will limit as intended, but that's not useful if
you have "ssh" in service as well, because it always accepts (i.e. no
limit).
>   ports: 990/tcp 40000-50000/tcp
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>     rule service name="ssh" accept limit value="1/m"
>
> Any rich rules that improve protection?
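
The conflict described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of firewalld: it parses zone output in the format quoted above and reports every service whose rate-limited accept rule is bypassed by a plain `services:` entry. The function name `bypassed_limits` and the sample constant are assumptions made for this illustration.

```python
import re

# Constructed sample: the zone listing quoted in the thread.
SAMPLE_ZONE = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: http https ssh
  ports: 990/tcp 40000-50000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule service name="ssh" accept limit value="1/m"
"""

# Matches only a limit attached to the accept action (accept ... limit),
# so a limit on a preceding log element is not counted.
RULE_RE = re.compile(
    r'rule\b.*\bservice name="([^"]+)".*\baccept\b.*\blimit value="([^"]+)"')

def bypassed_limits(listing):
    """Return {service: limit} for rate-limited rich rules that a plain
    `services:` entry makes ineffective (the plain entry always accepts)."""
    services, limited, in_rich = set(), {}, False
    for raw in listing.splitlines():
        line = raw.strip()
        if line.startswith("services:"):
            services = set(line.split(":", 1)[1].split())
        elif line.startswith("rich rules:"):
            in_rich = True
        elif in_rich:
            m = RULE_RE.search(line)
            if m:
                limited[m.group(1)] = m.group(2)
    return {svc: lim for svc, lim in limited.items() if svc in services}

if __name__ == "__main__":
    for svc, lim in bypassed_limits(SAMPLE_ZONE).items():
        print(f'{svc}: limit {lim} is bypassed; remove "{svc}" from services')
```

On a live host the same function can be fed the output of `firewall-cmd --zone=public --list-all`; an empty result means no plain service entry overrides a rate-limited rule.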