On Monday, October 12, 2020, 04:51:55 PM GMT+3:30, Eric Garver <egarver@redhat.com> wrote:

On Sat, Oct 10, 2020 at 09:43:01AM +0000, Jason Long wrote:
> Thank you.
> Then, I must remove "SSH" from services section

Yes.

> and open port 22?

No. That's already done with the rich rule.

>
>
>
>
>
>
> On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <egarver@redhat.com> wrote:
>
>
>
>
>
> On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
> > My current configuration is:
> >
> > public (active)
> >  target: default
> >  icmp-block-inversion: no
> >  interfaces: ens192
> >  sources:
> >  services: http https ssh
>
> "ssh" here conflicts with your rich rule below. Here "ssh" is _always_
> accepted. The rich rule will limit as intended, but that's not useful if
> you have "ssh" in service as well, because it always accepts (i.e. no
> limit).
>
> >  ports: 990/tcp 40000-50000/tcp
> >  protocols:
> >  masquerade: no
> >  forward-ports:
> >  source-ports:
> >  icmp-blocks:
> >  rich rules:
> >     rule service name="ssh" accept limit value="1/m"
> _______________________________________________
> firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org
> To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org