My current configuration is:
public (active)
target: default
icmp-block-inversion: no
interfaces: ens192
sources:
services: http https ssh
ports: 990/tcp 40000-50000/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule service name="ssh" accept limit value="1/m"
Any rich rules that improve protection?