Thank you.
Then, I must remove "SSH" from the services section and open port 22?
On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <egarver(a)redhat.com> wrote:
On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
My current configuration is:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: http https ssh
"ssh" here conflicts with your rich rule below. Here "ssh" is _always_
accepted. The rich rule will limit as intended, but that's not useful if
you have "ssh" in service as well, because it always accepts (i.e. no
limit).
ports: 990/tcp 40000-50000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule service name="ssh" accept limit value="1/m"
Any rich rules that improve protection?
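
The conflict described in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of firewalld: it parses a zone listing in the layout shown in the thread and reports every service that has a rate-limited accept rich rule while also being listed under `services:`. The names `parse_zone` and `shadowed_limits` are hypothetical, and the sample input is constructed from the listing quoted above.

```python
import re

# Constructed sample: the zone listing from the thread, in the layout
# printed by `firewall-cmd --list-all` (trimmed to the relevant fields).
SAMPLE = """\
public (active)
  target: default
  interfaces: ens192
  services: http https ssh
  ports: 990/tcp 40000-50000/tcp
  rich rules:
	rule service name="ssh" accept limit value="1/m"
"""

# Rich rule that accepts a named service with a rate limit on the accept action.
LIMITED_ACCEPT = re.compile(
    r'^rule\b.*?\bservice name="([^"]+)".*?\baccept\s+limit value="([^"]+)"'
)

def parse_zone(text):
    """Return (services, rich_rules) from one zone listing."""
    services, rich_rules = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("services:"):
            services = line.split(":", 1)[1].split()
        elif line.startswith("rule "):
            rich_rules.append(line)
    return services, rich_rules

def shadowed_limits(text):
    """List (service, limit) pairs where the service is also plainly accepted."""
    services, rich_rules = parse_zone(text)
    hits = []
    for rule in rich_rules:
        m = LIMITED_ACCEPT.search(rule)
        if m and m.group(1) in services:
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for svc, limit in shadowed_limits(SAMPLE):
        print(f'"{svc}" is also in services (always accepted); '
              f'the {limit} limit has no effect')
```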