On 27.10.2018 18:07, Kenneth Porter wrote:
--On Saturday, October 27, 2018 4:19 PM +0200 Hans-Peter Jansen hpj@urpla.net wrote:
This might be interesting to be used within a fail2ban procedure later on.
While at it, what is the best practice to limit access to such a port likeĀ 15060/udp to a couple of sources?
Use an ipset rule. It's easy to add and remove lots of IP addresses without changing the firewall. fail2ban can also use ipsets within firewalld. I suggest asking on the fail2ban mailing list to see if someone has a suitable jail definition.
Honestly I did not know firewalld has support for ipset. If so then ipset indeed the better way to handle malicious IPs. Here is the brief tutorial from firewalld: