From d8d8a01a5f84bd67103420dccb5abc588668b953 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Sat, 26 Oct 2019 16:41:42 +0200
Subject: [PATCH] roles/common: Remove SSH rate limiting from firewalld

Rather than a simple rate limit, I'm now using fail2ban to ban IPs
that actually fail to login.
---
 roles/common/templates/public.xml.j2 | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/roles/common/templates/public.xml.j2 b/roles/common/templates/public.xml.j2
index df2e3bf..949dbb0 100644
--- a/roles/common/templates/public.xml.j2
+++ b/roles/common/templates/public.xml.j2
@@ -7,18 +7,14 @@
     <rule family="ipv4">
         <source address="0.0.0.0/0"/>
         <port protocol="tcp" port="22"/>
-        <accept>
-            <limit value="12/m"/>
-        </accept>
+        <accept/>
     </rule>
 
     {# ipv6 ssh rules #}
     <rule family="ipv6">
         <source address="::/0"/>
         <port protocol="tcp" port="22"/>
-        <accept>
-            <limit value="12/m"/>
-        </accept>
+        <accept/>
     </rule>
 
     {# web rules #}