On 27.10.2018 15:19, Hans-Peter Jansen wrote:
$ firewall-cmd --zone=public --add-rich-rule="rule family='ipv4' source address='46.29.160.140' drop"
but this had no effect. I guess this is because port 15060/udp was allowed before. Is there any way to order the firewalld rules somehow?
This might be interesting to be used within a fail2ban procedure later on.
While at it, what is the best practice to limit access to such a port like 15060/udp to a couple of sources?
I suspect it would be reasonable to use a separate active zone instead. So you would have the public and drop zones active simultaneously. At least I am doing so for trusted IPs, allowing them extra service access. You would have to make it look like the following:

  drop (active)
    target: default
    icmp-block-inversion: yes
    interfaces:
    sources: 46.29.160.140/32
    services:
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:

You may update it on the fly and not commit it to permanent, because the foes' IPs would change all the time.
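A script version of the zone approach described above, as an added example that is not part of the thread: it binds an offending address to the built-in drop zone at runtime only (no --permanent), and, for the second question, moves 15060/udp out of public into a dedicated zone bound to a few trusted sources. The zone name voip, the sample addresses and the FWCMD dry-run variable are assumptions, not something the thread gives.

```shell
#!/bin/sh
# Added example, not from the thread. FWCMD=echo gives a dry run that only
# prints the firewall-cmd invocations; zone name "voip" is an assumption.
FWCMD="${FWCMD:-firewall-cmd}"
PORT="15060/udp"
ZONE="voip"

# Accept only a plain dotted-quad IPv4 address with every octet in 0-255,
# so a malformed string (e.g. from a log parser) never reaches firewall-cmd.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

# Runtime-only block: the drop zone is source-bound, and firewalld matches
# source-bound zones before interface-bound ones like public, so this wins
# over the 15060/udp allowance there. Not --permanent: a reload clears it,
# which is what you want for addresses that change all the time.
block_source() {
    is_ipv4 "$1" || { echo "block_source: bad IPv4 address: $1" >&2; return 2; }
    "$FWCMD" --zone=drop --add-source="$1/32"
}

# Permanent setup: a dedicated zone that carries 15060/udp and is bound to
# the trusted sources given as arguments; the port is removed from public so
# only those sources can reach it. --new-zone fails if the zone exists.
setup_trusted_zone() {
    [ $# -gt 0 ] || { echo "setup_trusted_zone: need at least one source" >&2; return 2; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "setup_trusted_zone: bad IPv4 address: $src" >&2; return 2; }
    done
    "$FWCMD" --permanent --new-zone="$ZONE"
    "$FWCMD" --permanent --zone="$ZONE" --add-port="$PORT"
    for src in "$@"; do
        "$FWCMD" --permanent --zone="$ZONE" --add-source="$src/32"
    done
    "$FWCMD" --permanent --zone=public --remove-port="$PORT"
    "$FWCMD" --reload
}

# usage: sh fw-zones.sh block 46.29.160.140
#        sh fw-zones.sh setup 192.0.2.10 192.0.2.11   (sample addresses)
case "${1:-}" in
    block) shift; block_source "$1" ;;
    setup) shift; setup_trusted_zone "$@" ;;
esac
```

Check the result with `firewall-cmd --get-active-zones` and `firewall-cmd --get-zone-of-source=46.29.160.140/32`.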