On 27.10.2018 18:07, Kenneth Porter wrote:
> --On Saturday, October 27, 2018 4:19 PM +0200 Hans-Peter Jansen
> <hpj(a)urpla.net> wrote:
>> This might be interesting to be used within a fail2ban procedure later
>> on.
>>
>> While at it, what is the best practice to limit access to such a port
>> like 15060/udp to a couple of sources?
> Use an ipset rule. It's easy to add and remove lots of IP addresses
> without changing the firewall. fail2ban can also use ipsets within
> firewalld. I suggest asking on the fail2ban mailing list to see if
> someone has a suitable jail definition.

Honestly I did not know firewalld has support for ipset. If so then
ipset is indeed the better way to handle malicious IPs. Here is the brief
tutorial from firewalld:
https://firewalld.org/2015/12/ipset-support
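
The ipset approach suggested in this thread, as an added example that is not part of the original messages: a script that validates a list of sources and prints the firewall-cmd calls restricting 15060/udp to them. The ipset name `sip_allowed`, the zone `public` and the sample addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: allow 15060/udp only from sources listed in a firewalld ipset.
# Assumed names, not from the thread: ipset "sip_allowed", zone "public".
IPSET=sip_allowed
ZONE=public
PORT=15060

# Accept only dotted-quad IPv4 with an optional /prefix, so a typo or stray
# shell text cannot end up in the allowlist or in the generated commands.
valid_entry() {
    case "$1" in *[!0-9./]*) return 1 ;; esac   # also rejects embedded newlines
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    old_ifs=$IFS; IFS=./
    set -- $1            # split into octets (and prefix length, if any)
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the firewall-cmd calls for the given sources; nothing is executed.
emit_rules() {
    for src in "$@"; do
        valid_entry "$src" || { echo "rejected entry: $src" >&2; return 1; }
    done
    # hash:net holds single addresses as well as CIDR ranges.
    echo "firewall-cmd --permanent --new-ipset=$IPSET --type=hash:net"
    for src in "$@"; do
        echo "firewall-cmd --permanent --ipset=$IPSET --add-entry=$src"
    done
    # The port must not also be opened zone-wide (--add-port), or the
    # allowlist has no effect; only the rich rule should accept it.
    echo "firewall-cmd --permanent --zone=$ZONE --add-rich-rule='rule family=\"ipv4\" source ipset=\"$IPSET\" port port=\"$PORT\" protocol=\"udp\" accept'"
    echo "firewall-cmd --reload"
}

# Constructed sample sources (documentation address ranges).
emit_rules 192.0.2.10 198.51.100.0/24
```

After reviewing the printed commands, pipe them to `sh` as root. Later changes to the allowlist are single `--add-entry` or `--remove-entry` calls against the ipset, with no change to the rule itself.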