Restrict SSH to one IP on VPS with firewalld

I am pretty new to CentOS, but the most logical way (at least to me) seemed to be to add your IP address (in my case static) to the trusted zone and remove ssh from the public zone:

firewall-cmd --permanent --add-source= --zone=trusted
firewall-cmd --permanent --add-service=ssh --zone=trusted
firewall-cmd --permanent --remove-service=ssh --zone=public
firewall-cmd --reload

My thoughts were that you only add ports and services like http and https to 'public' and keep the risky stuff on 'trusted' tied to the (static) IP address of the computer you use for access. So if your IP is you can access all services listed in trusted and if your IP is anything other than then you can only access the restricted set of services in the public zone, e.g. http and https. This seems incredibly simple compared to other solutions but worked great for my tests and keeps everything neat - isn't that the whole purpose of zones or have I completely misunderstood?
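Added example, not part of the original post: a check to run after the commands above, confirming that SSH is no longer admitted by a zone bound to an interface. It parses `firewall-cmd --list-all-zones` output; the function names, the sample listings and the address 203.0.113.10 are constructed for illustration. firewalld's trusted zone has target ACCEPT, so the bound source reaches every port, not only the listed services, which the check reports as accept-all.

```shell
#!/bin/sh
# Report which active zones admit SSH, from `firewall-cmd --list-all-zones` text on stdin.
# Output per zone: <zone> <open|source-only> <ssh-service|accept-all>
audit_ssh_zones() {
  awk '
    function report() {
      if (zone == "" || !active) return
      if (!has_ssh && target != "ACCEPT") return
      # A zone with sources and no interface only matches the listed addresses.
      scope = (srcs != "" && ifaces == "") ? "source-only" : "open"
      print zone, scope, (target == "ACCEPT" ? "accept-all" : "ssh-service")
    }
    # Unindented line starts a new zone, e.g. "public (active)".
    /^[^ ]/ { report(); zone = $1; active = ($0 ~ /active\)/)
              target = ifaces = srcs = ""; has_ssh = 0; next }
    $1 == "target:"     { target = $2 }
    $1 == "interfaces:" { ifaces = $2 }
    $1 == "sources:"    { srcs = $2 }
    $1 == "services:"   { for (i = 2; i <= NF; i++) if ($i == "ssh") has_ssh = 1 }
    END { report() }
  '
}

# Constructed sample: default state, ssh still offered on the public zone.
sample_before() {
  cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
EOF
}

# Constructed sample: state after the commands above (placeholder source address).
sample_after() {
  cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources:
  services: http https

trusted (active)
  target: ACCEPT
  interfaces:
  sources: 203.0.113.10
  services: ssh
EOF
}

sample_after | audit_ssh_zones   # on a live host: firewall-cmd --list-all-zones | audit_ssh_zones
```

Any line reporting `open` means SSH is still reachable from addresses outside the source list.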
