Restrict SSH to one IP on VPS with firewalld
I am pretty new to CentOS but the most logical way (at least to me) seemed to be to add your ip address (in my case 192.168.0.22 (static)) to the trusted zone and remove ssh from the public zone:
firewall-cmd --permanent --add-source=192.168.0.22 --zone=trusted
firewall-cmd --permanent --add-service=ssh --zone trusted
firewall-cmd --permanent --remove-service=ssh --zone-public
My thoughts were that you only add ports and services like http and https to 'public' and keep the risky stuff on 'trusted' tied to the (static) ip address of the computer you use for access. So if your ip is 220.127.116.11 you can access all services listed in trusted and if your ip is anything other than 192.168.0.22 then you can only access the restricted set of services in the public zone e.g. http and https. This seems incredibly simple compared to other solutions but worked great for my tests and keeps everything neat - isn't that the whole purpose of zones or have I completely misunderstood?
Đăng nhận xét