alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/common: Remove SSH rate limiting from firewalld

Browse Source 
Rather than a simple rate limit, I'm now using fail2ban to ban IPs
that actually fail to login.
This commit is contained in:
Alan Orth 2019-10-26 16:41:42 +02:00
parent 4710ee6f07
commit d8d8a01a5f
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/common/templates/public.xml.j2
View File

@ -7,18 +7,14 @@
<rule family="ipv4"> <rule family="ipv4">
<source address="0.0.0.0/0"/> <source address="0.0.0.0/0"/>
<port protocol="tcp" port="22"/> <port protocol="tcp" port="22"/>
<accept> <accept/>
<limit value="12/m"/>
</accept>
</rule> </rule>
{# ipv6 ssh rules #} {# ipv6 ssh rules #}
<rule family="ipv6"> <rule family="ipv6">
<source address="::/0"/> <source address="::/0"/>
<port protocol="tcp" port="22"/> <port protocol="tcp" port="22"/>
<accept> <accept/>
<limit value="12/m"/>
</accept>
</rule> </rule>
{# web rules #} {# web rules #}