But, "rule service name="ssh" accept limit value="1/m""
isn't protecting my SSH? It's limited attempts!!!
On Tuesday, October 13, 2020, 05:27:51 PM GMT+3:30, Eric Garver <egarver(a)redhat.com> wrote:
On Tue, Oct 13, 2020 at 10:49:52AM +0000, Jason Long wrote:
Thank you. If I remove "SSH" from services section then no
security problem? The rich rule protecting my service?
The rich rule is _allowing_ the service. "protecting" is the wrong word.
On Monday, October 12, 2020, 04:51:55 PM GMT+3:30, Eric Garver <egarver(a)redhat.com> wrote:
On Sat, Oct 10, 2020 at 09:43:01AM +0000, Jason Long wrote:
> Thank you.
> Then, I must remove "SSH" from services section
Yes.
> and open port 22?
No. That's already done with the rich rule.
>
> On Monday, October 5, 2020, 04:37:52 PM GMT+3:30, Eric Garver <egarver(a)redhat.com> wrote:
>
> On Sun, Oct 04, 2020 at 11:23:37AM -0000, Jason Long wrote:
> > My current configuration is:
> >
> > public (active)
> > target: default
> > icmp-block-inversion: no
> > interfaces: ens192
> > sources:
> > services: http https ssh
>
> "ssh" here conflicts with your rich rule below. Here "ssh" is _always_
> accepted. The rich rule will limit as intended, but that's not useful if
> you have "ssh" in service as well, because it always accepts (i.e. no
> limit).
>
> > ports: 990/tcp 40000-50000/tcp
> > protocols:
> > masquerade: no
> > forward-ports:
> > source-ports:
> > icmp-blocks:
> > rich rules:
> >    rule service name="ssh" accept limit value="1/m"
> >
> > Any rich rules that improve protection?
> _______________________________________________
> firewalld-users mailing list -- firewalld-users(a)lists.fedorahosted.org
> To unsubscribe send an email to firewalld-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedora...
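The conflict Eric Garver describes in the thread, as an added check that is not part of the original messages: it reads a zone listing and reports any service that a rich rule rate-limits while the plain "services:" list also accepts it without a limit. The sample listing is constructed from the configuration quoted above, and find_limit_conflicts is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: the zone listing quoted in the thread, laid out the way
# `firewall-cmd --list-all` prints it.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: http https ssh
  ports: 990/tcp 40000-50000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule service name="ssh" accept limit value="1/m"
EOF
}

# find_limit_conflicts (hypothetical helper): reads a zone listing on stdin and
# prints every service that a rich rule accepts with a limit while the same
# service is also in "services:", where it is accepted with no limit.
find_limit_conflicts() {
  awk '
    $1 == "services:" { for (i = 2; i <= NF; i++) plain[$i] = 1; next }
    /service name="/ && /accept/ && /limit value="/ {
      s = $0
      sub(/.*service name="/, "", s)   # drop everything up to the name
      sub(/".*/, "", s)                # drop everything after the name
      limited[s] = 1
    }
    END { for (s in limited) if (s in plain) print s }
  '
}

# Live use: firewall-cmd --zone=public --list-all | find_limit_conflicts
# Fix for a reported service, as advised in the thread:
#   firewall-cmd --permanent --zone=public --remove-service=ssh
#   firewall-cmd --reload
sample_zone | find_limit_conflicts
```

An empty result means no rate-limited service is also accepted unconditionally in that zone.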