On Fri, Aug 23, 2019 at 03:46:47PM -0000, Freek de Kruijf wrote:
> I tried the rich rule:
>
> firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log prefix="PREFIX-SSH-PORT" level="info" limit value="6/m" accept limit value="3/m"'
>
> This is to limit access to the ssh service from one source to 3 per minute, but allow 6
> log lines per minute to syslog.
> However, this does not limit access to 3 per minute; in fact I experience unlimited access
> and only limited, more than 6, log lines in the log.

You'll need to use two rules.

firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log prefix="PREFIX-SSH-PORT" level="info" limit value="6/m"'

firewall-cmd --permanent --add-rich-rule='rule service name="ssh" accept limit value="3/m"'