roles/common: Rate limit SSH connections in firewalld

I think 5 connections per minute is more than enough. Any over this and it will be logged to the systemd journal as a warning. See: https://www.win.tue.nl/~vincenth/ssh_rate_limit_firewalld.htm See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/configuring_complex_firewall_rules_with_the_rich-language_syntax
2019-01-28 14:09:18 +02:00 · 2019-01-28 14:09:18 +02:00 · 329edaee87
commit 329edaee87
parent bc88e05aa5
1 changed files with 12 additions and 2 deletions
--- a/roles/common/templates/public.xml.j2
+++ b/roles/common/templates/public.xml.j2
@ -7,14 +7,24 @@
    <rule family="ipv4">
        <source address="0.0.0.0/0"/>
        <port protocol="tcp" port="22"/>
-        <accept/>
+        <log prefix="ssh fw limit 5/m " level="warning">
+            <limit value="5/m"/>
+        </log>
+        <accept>
+            <limit value="5/m"/>
+        </accept>
    </rule>

    {# ipv6 ssh rules #}
    <rule family="ipv6">
        <source address="::/0"/>
        <port protocol="tcp" port="22"/>
-        <accept/>
+        <log prefix="ssh fw limit 5/m " level="warning">
+            <limit value="5/m"/>
+        </log>
+        <accept>
+            <limit value="5/m"/>
+        </accept>
    </rule>

    {# web rules #}