On Fri, Sep 18, 2020 at 06:59:49PM -0000, Jason Long wrote:
> Hello,
> How can I this attack from hping3 by Firewalld:
> # hping3 -S -p 22 --flood --rand-source "IP"
> Is it possible?

You can use a rich rule and limit new connections for a port/service.
e.g. allow only 1 SSH connection attempt per minute
# firewall-cmd --zone public --add-rich-rule='rule service name=ssh accept limit value=1/m'
Keep in mind that some zones (e.g. public) have SSH enabled by default
so you should remove them. Otherwise they'll allow all connection
attempts.
# firewall-cmd --zone public --remove-service=ssh
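
A check for the two conditions in the reply above, as an added example that is not part of the original message: it takes the output of `firewall-cmd --list-services` and `firewall-cmd --list-rich-rules` as strings and reports whether the limited rule exists and whether the plain ssh service would still bypass it. The function name, return codes, `--live` switch and the assumed output layout of `--list-rich-rules` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread).
# audit_ssh_limit SERVICES RICH_RULES
#   SERVICES   = output of: firewall-cmd --zone=ZONE --list-services
#   RICH_RULES = output of: firewall-cmd --zone=ZONE --list-rich-rules
# Returns 0 if the setup matches the reply, 2 if no limited ssh rule exists,
# 1 if the plain ssh service is still enabled (1 takes precedence over 2).
audit_ssh_limit() {
    services=$1
    rules=$2
    status=0

    # Assumed layout: rule service name="ssh" accept limit value="1/m"
    # (quotes optional; other elements such as log may sit before "accept").
    if printf '%s\n' "$rules" |
        grep -Eq 'service name="?ssh"? (.* )?accept limit value='; then
        echo "ok: rate-limited rich rule for ssh present"
    else
        echo "missing: no rate-limited rich rule for ssh"
        status=2
    fi

    # The plain service entry accepts every new connection on its own,
    # so the limit in the rich rule would never take effect.
    for s in $services; do
        if [ "$s" = "ssh" ]; then
            echo "bypass: ssh service still enabled in zone"
            status=1
        fi
    done
    return $status
}

# Query the running firewall only when asked to: ./audit.sh --live [zone]
if [ "${1:-}" = "--live" ] && command -v firewall-cmd >/dev/null 2>&1; then
    zone=${2:-public}
    audit_ssh_limit "$(firewall-cmd --zone="$zone" --list-services)" \
                    "$(firewall-cmd --zone="$zone" --list-rich-rules)"
fi
```

Rules added without `--permanent` exist only in the runtime configuration, so run the check again after a reload or reboot.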