Hello, I read the "https://people.netfilter.org/acidfu/geoip/howto/" article, and it is about limiting SSH access by country with iptables. How can I implement it with Firewalld?
Thank you.
On Fri, Jan 29, 2021 at 01:02:29PM -0000, Jason Long wrote:
> Hello, I read the "https://people.netfilter.org/acidfu/geoip/howto/" article, and it is about limiting SSH access by country with iptables. How can I implement it with Firewalld?
The common approach is to use ipsets. You can find a list of country IP addresses in CIDR notation. This can be fed into firewalld and then the ipset added as a source to the `block` zone.
# firewall-cmd --permanent --new-ipset country --type="hash:net"
# firewall-cmd --permanent --ipset country --add-entries-from-file=filename
# firewall-cmd --permanent --zone block --add-source ipset:country

Hope that helps.
Eric.
firewalld-users@lists.fedorahosted.org
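
Added example, not part of the original thread and not firewalld project code: a shell sketch that cleans a downloaded country CIDR list before it is passed to --add-entries-from-file, then runs the commands from the reply above followed by a reload. The function names clean_cidr_list and load_country_ipset and the "apply" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanitize a country CIDR list, then load it into firewalld.

# clean_cidr_list FILE
# Print the valid IPv4 networks from FILE, one per line, first occurrence only.
# Drops comments, blank lines and CR line endings. Rejects octets above 255 and
# prefix lengths outside 1-32 (a /0 entry would match every address).
clean_cidr_list() {
    tr -d '\r' < "$1" | sed 's/#.*//' | awk '
        {
            gsub(/^[ \t]+|[ \t]+$/, "")
            if ($0 == "") next
            if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) { bad++; next }
            split($0, p, "[./]")
            if (p[1] > 255 || p[2] > 255 || p[3] > 255 || p[4] > 255 ||
                p[5] < 1 || p[5] > 32) { bad++; next }
            if (!seen[$0]++) print
        }
        END { if (bad) printf "skipped %d invalid line(s)\n", bad > "/dev/stderr" }'
}

# load_country_ipset NAME CLEANED_FILE   (needs root)
# Same three commands as in the reply, plus a reload so that the
# --permanent configuration becomes the running configuration.
load_country_ipset() {
    firewall-cmd --permanent --new-ipset "$1" --type="hash:net" &&
    firewall-cmd --permanent --ipset "$1" --add-entries-from-file="$2" &&
    firewall-cmd --permanent --zone block --add-source "ipset:$1" &&
    firewall-cmd --reload
}

# Usage: sh script.sh apply <ipset-name> <raw-cidr-file>
if [ "${1:-}" = "apply" ]; then
    tmp=$(mktemp) || exit 1
    clean_cidr_list "$3" > "$tmp" && load_country_ipset "$2" "$tmp"
    rc=$?
    rm -f "$tmp"
    exit "$rc"
fi
```

Sources bound to the block zone have all incoming connections rejected, not only SSH.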