Score:0

How to create trap with Firewalld

cn flag

I'd like to set up the following logic using firewalld

  1. When a host attempts to access the server from the internet on port 22:
    1. DROP and
    2. add their IP to an ipset called "trap" (with 24 hour timeout)
  2. When a host whose IP is on the "trap" list attempts to connect to any port: DROP.

I've read many doc pages but can't see how to implement 1.2 above.

jp flag
Use `fail2ban`.
cn flag
@AlexD yes, not a bad idea, thanks.
Score:2
in flag

firewalld supports ipsets and you specify the 24 hour timeout (86400 seconds) when setting up that ipset:

firewall-cmd --permanent --new-ipset=trap --type=hash:ip --option=timeout=86400
firewall-cmd --reload

In native netfilter / iptables, the logic and ordering of the necessary rules would be:

# Block all traffic from IP addresses in the trap ipset
# (with REJECT to facilitate debugging)

iptables -I INPUT 1 -m set --match-set trap src -j REJECT

# Add all IP addresses that connect to TCP port 22 to the trap ipset
# (--add-set and --timeout are options of the SET target, so they must follow -j SET;
#  the --timeout value is only necessary when different from the default for the ipset)

iptables -I INPUT 2 -p tcp -m tcp --dport 22 -j SET --add-set trap src --timeout 86400

# Reject access to TCP port 22 for everybody

iptables -I INPUT 3 -p tcp -m tcp --dport 22 -j REJECT

Translating that to native firewalld / firewall-cmd rules/structures is a bit beyond me at the moment, but adding rules 1 & 2 as direct rules should be easy enough.

You should be able to display the entries in the trap list with:

 firewall-cmd --permanent --ipset=trap  --get-entries
cn flag
Ah ok, thanks, so firewalld doesn't have a facility for this. I'm migrating from firehol (which does).
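The translation of the answer's three iptables rules into firewalld direct rules, as an added example that is not part of the thread. It assumes the "trap" set is visible to iptables as a kernel ipset (the direct interface is iptables-based, so with the nftables backend the set may need to be created with the ipset tool), uses DROP as the question asked rather than the answer's REJECT, and defaults to printing the commands (DRY_RUN=1) instead of applying them.

```shell
#!/bin/sh
# Added example: the answer's iptables ordering as firewalld direct rules.
# Assumed values (not from the thread): IPSET, PORT, TIMEOUT defaults below.
IPSET=${IPSET:-trap}
PORT=${PORT:-22}
TIMEOUT=${TIMEOUT:-86400}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands; DRY_RUN=0 applies them (needs root)

# fw: print or run one firewall-cmd invocation
fw() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

# Direct rules are evaluated in priority order before the zone chains:
#   priority 0: drop everything from an address already in the set
#   priority 1: add the source of any TCP connection to the trap port to the set
#               (SET target options go after -j SET, with the per-entry timeout)
#   priority 2: drop the trap port itself for everybody
trap_rules() {
    fw --permanent --direct --add-rule ipv4 filter INPUT 0 \
        -m set --match-set "$IPSET" src -j DROP
    fw --permanent --direct --add-rule ipv4 filter INPUT 1 \
        -p tcp -m tcp --dport "$PORT" \
        -j SET --add-set "$IPSET" src --timeout "$TIMEOUT"
    fw --permanent --direct --add-rule ipv4 filter INPUT 2 \
        -p tcp -m tcp --dport "$PORT" -j DROP
    fw --reload
}

trap_rules
```

Addresses added by the SET target live in the kernel ipset, so `ipset list trap` shows the currently trapped hosts and their remaining timeouts.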