CentOS

hunter86_bg wrote: ↑

2019/01/06 13:56:21

Just a warning.
Try to avoid direct rules if possible.
As per my knowledge, you want to protect yourself from ddos , right?

Maybe you should check epel for 'fail2ban-firewalld'.
Also, you can use rich rules to prevent bruteforcing by setting limits of established connections.

hunter86_bg wrote: ↑

2019/01/07 07:29:04

Direct rule : is a rule that will be processed before any other and you do not have control which one is the first.Direct rules were created as firewalld is still limited and cannot create all iptables alternatives.
Rich rules are advanced rules in firewalld (see man firewalld.richlanguage).
About unblocking a blocked ip - I'm not sure, you have to check the fail2ban abilities.

Most of the systems I support are always behind a corporate firewall , so I don't have to worry about that stuff.

hack3rcon wrote: ↑

2019/01/06 12:20:55

In below commands what does "INPUT_direct" mean? How about numbers?

man firewall-cmd wrote:[--permanent] --direct --add-rule { ipv4 | ipv6 | eb } table chain priority args
Add a rule with the arguments args to chain chain in table table with priority priority.

The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.

hack3rcon wrote: ↑

2019/01/07 08:15:29

What is the good version of above lines?

yum install fail2ban fail2ban-systemd
man fail2ban