10:46 a.m.
I tried the rich rule:
firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log
prefix="PREFIX-SSH-PORT" level="info" limit value="6/m"
accept limit value="3/m"'
This is to limit access to the ssh service from one source to 3 per minute, but allow 6
log lines per minute to syslog.
However this does not limit access to 3 per minute, in fact I experience unlimited access
and only limited, more than 6, log lines in the log.
11:11 a.m.
On Fri, Aug 23, 2019 at 03:46:47PM -0000, Freek de Kruijf wrote:
I tried the rich rule:
firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log
prefix="PREFIX-SSH-PORT" level="info" limit value="6/m"
accept limit value="3/m"'
This is to limit access to the ssh service from one source to 3 per minute, but allow 6
log lines per minute to syslog.
However this does not limit access to 3 per minute, in fact I experience unlimited access
and only limited, more than 6, log lines in the log.
You'll need to use two rules.
firewall-cmd --permanent --add-rich-rule='rule service name="ssh" log
prefix="PREFIX-SSH-PORT" level="info" limit
value="6/m"'
firewall-cmd --permanent --add-rich-rule='rule service name="ssh" accept
limit value="3/m"'
1:55 p.m.
Just to be more precise, there need to be a space after the text in prefix=, so
"PREFIX-SSH-PORT ". In iptables this should result in "... --log-prefix
"PREFIX-SSH-PORT " ...; note the space after PORT. Otherwise elements in the
text in the syslog are not separated by spaces.
You may need to use the newest version of firewalld-cmd for this to work this way. See
issue #481 in firewalld on github.
1706
days inactive
1706
days old
firewalld-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Eric Garver -
Freek de Kruijf