On Fri, Jan 29, 2021 at 01:02:29PM -0000, Jason Long wrote:
> Hello,
> I read the "https://people.netfilter.org/acidfu/geoip/howto/" article and it is
> about limiting SSH access by country with iptables. How can I implement it with Firewalld?

The common approach is to use ipsets. You can find a list of country IP
addresses in CIDR notation. This can be fed into firewalld and then the
ipset added as a source to the `block` zone.

    # firewall-cmd --permanent --new-ipset country --type="hash:net"
    # firewall-cmd --permanent --ipset country --add-entries-from-file=filename
    # firewall-cmd --permanent --zone block --add-source ipset:country

Hope that helps.
Eric.
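
Added example, not part of the reply above: a shell sketch that sanitises a downloaded country list before running the three commands from the reply. The function names, the file arguments and the sample entries are assumptions made for illustration, and the filter assumes an IPv4-only list.

```shell
#!/bin/sh
# Print only well-formed IPv4 CIDR entries from file $1, de-duplicated.
# Comments, blank lines, IPv6 and malformed entries are dropped.
clean_cidr_list() {
    awk '
    {
        sub(/[#;].*/, "")        # strip trailing comments
        gsub(/[ \t\r]/, "")      # strip whitespace and CR from DOS files
        if ($0 == "") next
        n = split($0, p, "/")
        # prefix must be 1-32; a /0 entry would match every source address
        if (n != 2 || p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        if (!seen[$0]++) print
    }' "$1"
}

# Clean list $1 into file $2, load it with the commands from the reply, then
# reload so the permanent configuration becomes active. Needs root and firewalld.
apply_country_block() {
    clean_cidr_list "$1" > "$2"
    [ -s "$2" ] || { echo "no valid entries in $1" >&2; return 1; }
    firewall-cmd --permanent --new-ipset country --type="hash:net" &&
    firewall-cmd --permanent --ipset country --add-entries-from-file="$2" &&
    firewall-cmd --permanent --zone block --add-source ipset:country &&
    firewall-cmd --reload
}

# Constructed sample input (documentation ranges, not real country data).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/24 ; note' \
    '2001:db8::/32' '203.0.113.300/24' '0.0.0.0/0' '192.0.2.0/24' > "$sample"

# Dry run: show what would be loaded. Nothing is changed until
# apply_country_block is called explicitly.
clean_cidr_list "$sample"
```

A source bound to the `block` zone has all of its incoming connections rejected, not only SSH, so check the cleaned list for your own management networks before applying it.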