On Monday, October 12, 2020, 04:51:55 PM GMT+3:30, Eric Garver <firstname.lastname@example.org> wrote:
On Sat, Oct 10, 2020 at 09:43:01AM +0000, Jason Long wrote:
> Thank you.
> Then, I must remove "SSH" from services section
> and open port 22?
No. That's already done with the rich rule.
> On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <email@example.com
> On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
> > My current configuration is:
> > public (active)
> >   target: default
> >   icmp-block-inversion: no
> >   interfaces: ens192
> >   sources:
> >   services: http https ssh
> "ssh" here conflicts with your rich rule below. Here "ssh" is _always_
> accepted. The rich rule will limit as intended, but that's not useful if
> you have "ssh" in service as well, because it always accepts (i.e. no
> >   ports: 990/tcp 40000-50000/tcp
> >   protocols:
> >   masquerade: no
> >   forward-ports:
> >   source-ports:
> >   icmp-blocks:
> >   rich rules:
> >       rule service name="ssh" accept limit value="1/m"
> > Any rich rules that improve protection?
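
The conflict described in the reply above (a service listed under `services:` is always accepted, so a rate-limited rich rule for the same service never gets to limit anything) can be checked mechanically. The script below is an added example, not part of the original thread or of firewalld itself; the function names `find_shadowed_limits` and `sample_zone` are hypothetical, and the sample zone text is constructed from the configuration quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: find services that a zone accepts unconditionally while a
# rich rule tries to rate-limit the same service.

# Reads `firewall-cmd --zone=<zone> --list-all` text on stdin and prints every
# service that appears both under "services:" and in an "accept limit" rich rule.
find_shadowed_limits() {
    awk '
        # "services:" line: remember each listed service name.
        $1 == "services:" {
            for (i = 2; i <= NF; i++) svc[$i] = 1
            next
        }
        # Rich rule of the form: rule service name="X" accept limit value="..."
        /rule / && /service name="/ && /accept/ && / limit / {
            name = $0
            sub(/.*service name="/, "", name)   # drop text before the name
            sub(/".*/, "", name)                # drop text after the name
            limited[name] = 1
        }
        END {
            for (s in limited) if (s in svc) print s
        }
    ' | sort
}

# Constructed sample input mirroring the zone quoted in the thread.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: ens192
  services: http https ssh
  ports: 990/tcp 40000-50000/tcp
  rich rules:
	rule service name="ssh" accept limit value="1/m"
EOF
}

# On a live host: firewall-cmd --zone=public --list-all | find_shadowed_limits
# For each name printed, removing it from the services list leaves the rich
# rule as the only accept path:
#   firewall-cmd --permanent --zone=public --remove-service=<name>
#   firewall-cmd --reload
sample_zone | find_shadowed_limits
```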