A. Under iptables I presently use: -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 10 --dport 22 -j LOG --log-prefix "IPTables-CONNLIMIT 22 " --log-level 4 -A INPUT -i eth0 -p tcp --syn -m connlimit --connlimit-above 10 --dport 22 -j REJECT -A INPUT -j REJECT --reject-with icmp-host-prohibited which had the effect of blocking some rapid fire dictionary probing, and leaving a message I could use to add a manual drop rule as well, when the next day's logwatch report arrived sshd: Authentication Failures: root (117.21.191.108): 2733 Time(s) root (42.7.27.164): 2430 Time(s) root (116.31.116.28): 979 Time(s) B. I would add something like this: iptables:-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 117.21.191.0/24 -j DROP My question is: What are the CLI analogs to bring current steps A and B above ? I see two possible answers for the: -i eth0 [root@router ~]# firewall-cmd --get-zones block dmz drop external home internal public trusted work being external and public looking further it looks as though the correct one is: public as that contains the external interfacce [root@router ~]# firewall-cmd --zone=public --list-all public target: default icmp-block-inversion: no interfaces: sources: services: dhcpv6-client squid ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: [root@router ~]# firewall-cmd --zone=external --list-all external (active) target: default icmp-block-inversion: no interfaces: enp0s25 sources: services: ssh ports: protocols: masquerade: yes forward-ports: source-ports: icmp-blocks: rich rules: [root@router ~]# But I do not see a writeup as to rate limiting or blocking a particular CIDR and service (reading: https://fedoraproject.org/wiki/Firewalld?rd=FirewallD ) Thanks -- Russ herrold