[BlueOnyx:25682] Re: login attempts after IP added to firewall reject list
Larry Smith
lesmith at ecsis.net
Thu Nov 10 19:25:06 -05 2022
Ed,
In my small amount of playing with the firewalld
rules I believe that the server uses the zone public
for its primary ruleset. I have added both allow and
deny rules to the zone by editing the
/etc/firewalld/zones/public.xml file and then restarting
firewalld (systemctl restart firewalld) with great success.
My server has nothing under ipsets, policies, services,
icmptypes or helpers.
--
Larry Smith
lesmith at ecsis.net
On Thu November 10 2022 18:13, Ed Qualls wrote:
> As root, I added IP addresses that the firewall should reject immediately.
> Getting status showed that they had been added to the reject list.
> However, they are still showing up in BlueOnyx with attempts to login as
> root.
>
> For example, I used
>
> firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source
> address='61.177.172.191' reject"
> on one IP address, but just today, someone/something on that IP tried to
> login almost 800 times.
>
> (That IP is registered in Lianyungang city, Jiangsu province, Communist
> China.)
>
>
> Was that not the correct command to use to force rejection of that IP
> address in AlmaLinux/BlueOnyx?
More information about the Blueonyx
mailing list