How can i block all ssh connections except the ones from a specific source in firewalld and also log the denied ssh connections

Question

How can i block all ssh connections except ones from 192.168.1.1 in firewalld and at the same time log the the refused ssh connections?

I tried:

firewall-cmd --permanent --set-default-zone=drop
firewall-cmd --permanent --add-source=192.168.1.1 --zone=trusted
firewall-cmd --permanent --add-service=ssh --zone=trusted

this blocks them but doesn't log the denied ssh connections.

score 0 · Answer 1 · answered Mar 31 '20 at 09:01

0

You have to enable the logging of denied packets in /etc/firewalld/firewalld.conf

LogDenied=all

or on the command line:

firewall-cmd --set-log-denied=all

answered Mar 31 '20 at 09:01

kofemann

4,217
1
34
39

How can i block all ssh connections except the ones from a specific source in firewalld and also log the denied ssh connections

1 Answers1