Notes on FirewallD (nftables backend): rate-limiting SSH in the public zone, whitelisting an admin IP via the trusted zone, and a host-input policy that rate-limits DNS.
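# Whitelist the admin address FIRST so the stricter SSH rules below cannot
# lock you out. Caveat: the trusted zone accepts ALL traffic from that source,
# not just SSH - use a dedicated zone with only the ssh service if that is too
# broad, and remember a dynamic/home IP will change under you.
firewall-cmd --zone=trusted --add-source=-your-own-IP-here-

# Rate-limit new SSH connections from everyone else.
# An "accept ... limit" rich rule only accepts packets UP TO the limit; excess
# packets are not dropped, they fall through to the next rule. Because the
# public zone also has the plain "ssh" service enabled, those excess packets
# would still be accepted and the limit would do nothing. Giving the pair a
# negative priority evaluates it before the zone's service rules, and the
# second rule drops whatever exceeds the limit.
# Note: the limit is shared across all clients (it is not per source address),
# so one noisy client can consume the whole budget for everyone.
firewall-cmd --zone=public --add-rich-rule='rule priority="-10" service name="ssh" accept limit value="1/m"'
firewall-cmd --zone=public --add-rich-rule='rule priority="-9" service name="ssh" drop'

# Persist the runtime changes; a later --reload would otherwise discard them.
firewall-cmd --runtime-to-permanent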
# Policies live in /etc/firewalld/policies/; a new file is only loaded on the
# next --reload. Contents of dns.xml follow.
vi /etc/firewalld/policies/dns.xml
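<?xml version="1.0" encoding="utf-8"?>
<!--
  /etc/firewalld/policies/dns.xml

  Rate-limit DNS queries reaching this host from any zone.
  ingress ANY / egress HOST makes this a host-input policy. With the default
  (negative) policy priority it is evaluated before the zone rules, and
  target CONTINUE hands traffic that matches no rule on to the zones.
-->
<policy target="CONTINUE">
  <!--
    Do NOT add a bare <service name="dns"/> next to the limited rule: an
    unconditional service entry accepts every DNS packet, so the limit never
    takes effect (whichever of the two is evaluated first, all DNS gets in).
    Instead, accept up to the limit and explicitly drop the excess; the
    negative rule priorities keep the pair ahead of any service entries and
    order the accept before the drop.
    Note: the limit is shared across all clients, not per source address.
  -->
  <rule priority="-10">
    <service name="dns"/>
    <accept>
      <limit value="5000/m"/>
    </accept>
  </rule>
  <rule priority="-9">
    <service name="dns"/>
    <drop/>
  </rule>
  <ingress-zone name="ANY"/>
  <egress-zone name="HOST"/>
</policy>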
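# Reload the permanent configuration so the new policy file is picked up.
# The option is two ASCII hyphens ("--reload"); the en dash in the original
# notes is not a valid option. Reloading also discards any runtime-only
# changes that were not saved with --runtime-to-permanent.
firewall-cmd --reload
# Confirm the policy parsed as intended (target, zones, rich rules).
firewall-cmd --info-policy=dns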
dns (active)
priority: -1
target: CONTINUE
ingress-zones: ANY
egress-zones: HOST
services: dns
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule service name="dns" accept limit value="5000/m"
# Without --zone this shows only the default zone (public here); it does not
# list policies or other zones. Use --list-all-zones / --list-all-policies
# for the full picture.
firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eno1
sources:
services: cockpit dhcpv6-client dns ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule service name="ssh" accept limit value="10/m"
# Dump the nftables rules firewalld actually generated - useful to confirm the
# real evaluation order of the rich rules, services and policy chains above.
# Requires root; the output is long, so consider piping through a pager.
nft list ruleset
